class CSRF
- CSRF
- Kemal::Handler
- Reference
- Object
Overview
This middleware adds CSRF protection to your application.
Returns 403 "Forbidden" unless the current CSRF token is submitted with any non-GET/HEAD request.
Without CSRF protection, your app is vulnerable to replay attacks where an attacker can re-submit a form.
Defined in:
kemal-csrf.cr
Constructors
Instance Method Summary
Constructor Detail
def self.new(header : String = "X_CSRF_TOKEN", allowed_methods : Array(String) = ["GET", "HEAD", "OPTIONS", "TRACE"] of ::String, parameter_name : String = "authenticity_token", error : String | HTTP::Server::Context -> String = "Forbidden (CSRF)", allowed_routes : Array(String) = [] of String, http_only : Bool = false, samesite : HTTP::Cookie::SameSite | Nil = nil)
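The following configuration is an added example, not code from the kemal-csrf project; it passes each constructor parameter listed above explicitly and tightens the two that default to the loosest value (`http_only`, `samesite`). Assumptions: the handler stores its token through kemal-session, `http_only` and `samesite` are applied to the cookie the handler sets, the `SESSION_SECRET` variable and the `/transfer` and `/webhooks/billing` routes are hypothetical.

```crystal
require "log"
require "kemal"
require "kemal-session" # assumption: kemal-csrf keeps its token in a kemal-session session
require "kemal-csrf"

# Assumption: the session secret is injected through the environment, not committed to source.
Kemal::Session.config.secret = ENV["SESSION_SECRET"]

# Defaults, per the signature: http_only false, samesite nil, no exempt routes.
# add_handler CSRF.new

add_handler CSRF.new(
  # Where the handler looks for the submitted token: request header or form field.
  header: "X_CSRF_TOKEN",
  parameter_name: "authenticity_token",
  # Methods that skip the check; handlers on these methods must not change state.
  allowed_methods: ["GET", "HEAD", "OPTIONS", "TRACE"],
  # Hypothetical exempt path. Anything listed here bypasses the token check and
  # needs its own authentication (for example a signed request body).
  allowed_routes: ["/webhooks/billing"],
  # Set http_only to true only if no client-side script has to read the cookie.
  http_only: true,
  samesite: HTTP::Cookie::SameSite::Strict,
  # The Proc form of `error` receives the context, so the rejection can be logged
  # for detection and answered in the format the client expects.
  error: ->(env : HTTP::Server::Context) {
    Log.warn { "CSRF reject #{env.request.method} #{env.request.path}" }
    env.response.content_type = "application/json"
    %({"error":"csrf_token_invalid"})
  }
)

# Hypothetical state-changing route: answered with 403 unless the current token
# arrives in the X_CSRF_TOKEN header or the authenticity_token parameter.
post "/transfer" do |env|
  "transfer accepted"
end

# Hypothetical exempt route from allowed_routes above.
post "/webhooks/billing" do |env|
  "ok"
end

Kemal.run
```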