tide_csrf

Struct CsrfMiddleware

Source 
pub struct CsrfMiddleware { /* private fields */ }
Expand description

Cross-Site Request Forgery (CSRF) protection middleware.

Implementations§

Source§

impl CsrfMiddleware

Source

pub fn new(secret: &[u8]) -> Self

Create a new instance.

§Defaults

The defaults for CsrfMiddleware are:

  • cookie path: /
  • cookie name: tide.csrf
  • cookie domain: None
  • ttl: 24 hours
  • header name: X-CSRF-Token
  • query param: csrf-token
  • form field: csrf-token
  • protected methods: [POST, PUT, PATCH, DELETE]
Source

pub fn with_ttl(self, ttl: Duration) -> Self

Sets the protection ttl. This will be used for both the cookie expiry and the time window over which CSRF tokens are considered valid.

The default for this value is one day.

Source

pub fn with_header_name(self, header_name: impl AsRef<str>) -> Self

Sets the name of the HTTP header where the middleware will look for the CSRF token.

Defaults to “X-CSRF-Token”.

Source

pub fn with_query_param(self, query_param: impl AsRef<str>) -> Self

Sets the name of the query parameter where the middleware will look for the CSRF token.

Defaults to “csrf-token”.

Source

pub fn with_form_field(self, form_field: impl AsRef<str>) -> Self

Sets the name of the form field where the middleware will look for the CSRF token.

Defaults to “csrf-token”.

Source

pub fn with_protected_methods(self, methods: &[Method]) -> Self

Sets the list of methods that will be protected by this middleware

Defaults to [POST, PUT, PATCH, DELETE]

Trait Implementations§

Source§

impl Debug for CsrfMiddleware

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl<State> Middleware<State> for CsrfMiddleware
where State: Clone + Send + Sync + 'static,

Source§

fn handle<'life0, 'life1, 'async_trait>( &'life0 self, req: Request<State>, next: Next<'life1, State>, ) -> Pin<Box<dyn Future<Output = Result> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait,

Asynchronously handle the request, and return a response.
Source§

fn name(&self) -> &str

Set the middleware’s name. By default it uses the type signature.

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V

Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

impl<T> ErasedDestructor for T
where T: 'static,