class CSRF

CSRF
Kemal::Handler
Reference
Object

Overview

This middleware adds CSRF protection to your application.

Returns 403 "Forbidden" unless the current CSRF token is submitted with any non-GET/HEAD request.

Without CSRF protection, your app is vulnerable to replay attacks where an attacker can re-submit a form.

Defined in:

kemal-csrf.cr

Constructors

.new(header : String = "X_CSRF_TOKEN", allowed_methods : Array(String) = ["GET", "HEAD", "OPTIONS", "TRACE"] of ::String, parameter_name : String = "authenticity_token", error : String | HTTP::Server::Context -> String = "Forbidden (CSRF)", allowed_routes : Array(String) = [] of String, http_only : Bool = false, samesite : HTTP::Cookie::SameSite | Nil = nil)

Instance Method Summary

#call(context)
#setup

Constructor Detail

Instance Method Detail

def call(context) #

[View source]

def setup #

[View source]