class CSRF

Overview

This middleware adds CSRF protection to a Kemal application.

Responds with 403 and the configured error message (default "Forbidden (CSRF)") unless the current CSRF token is submitted with every request whose method is not listed in allowed_methods (by default GET, HEAD, OPTIONS and TRACE). The token is read from the form parameter named by parameter_name (default "authenticity_token") or from the request header named by header (default "X_CSRF_TOKEN"); requests to paths listed in allowed_routes skip the check.

Without CSRF protection, any site a user visits while logged in to your app can make their browser submit a form or request to your app. The browser attaches the user's session cookie, so the forged request runs with their authority. A per-session token that only pages served by your own origin can read, and that must be echoed back with each state-changing request, is what proves the request was initiated by your application rather than by another site.

Defined in:

kemal-csrf.cr


Constructor Detail

def self.new(
  header : String = "X_CSRF_TOKEN",
  allowed_methods : Array(String) = ["GET", "HEAD", "OPTIONS", "TRACE"] of ::String,
  parameter_name : String = "authenticity_token",
  error : String | HTTP::Server::Context -> String = "Forbidden (CSRF)",
  allowed_routes : Array(String) = [] of String,
  http_only : Bool = false,
  samesite : HTTP::Cookie::SameSite | Nil = nil
)

header: name of the request header the token is read from.
allowed_methods: HTTP methods that are never checked; keep this to methods that do not change state.
parameter_name: name of the form parameter the token is read from.
error: body of the 403 response, either a fixed string or a proc that receives the request context and returns the string.
allowed_routes: request paths exempt from the check (for example endpoints called by non-browser clients that authenticate some other way).
http_only, samesite: attributes applied to the cookie this handler sets.
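The wiring below is an added example, not the shard's own code or README. The constructor arguments follow the signature above; the route names, the webhook exemption, and the way the token is read back for the page (assumed here to be the kemal-session string key "csrf") are assumptions that should be checked against the shard's README before use.

```crystal
require "kemal"
require "kemal-csrf"
require "html"

# Added example: register the handler with explicit settings rather than the
# defaults, so every choice is visible. Arguments match the documented signature.
add_handler CSRF.new(
  header: "X_CSRF_TOKEN",
  allowed_methods: ["GET", "HEAD", "OPTIONS"], # TRACE dropped: nothing here needs it
  parameter_name: "authenticity_token",
  error: "Forbidden (CSRF): token missing or invalid",
  allowed_routes: ["/webhooks/payment"],       # exempt: no browser session, signed by the provider
  http_only: true,                             # the token is embedded in the page, JS never reads the cookie
  samesite: HTTP::Cookie::SameSite::Strict,    # defence in depth, not a replacement for the token
)

# Assumption: kemal-csrf keeps the per-session token in kemal-session under the
# key "csrf". Confirm the accessor in the shard's README; this is not from the page.
def csrf_token(env) : String
  env.session.string("csrf")
end

get "/profile" do |env|
  token = HTML.escape(csrf_token(env))
  env.response.content_type = "text/html"
  <<-HTML
  <meta name="csrf-token" content="#{token}">
  <form method="post" action="/profile">
    <input type="hidden" name="authenticity_token" value="#{token}">
    <input name="display_name">
    <button>Save</button>
  </form>
  <script>
    // The same token goes out as a header on fetch()/XHR requests.
    const t = document.querySelector('meta[name="csrf-token"]').content;
    fetch("/profile/ping", { method: "POST", headers: { "X_CSRF_TOKEN": t } });
  </script>
  HTML
end

post "/profile" do |env|
  # Only reached after the CSRF handler accepted authenticity_token.
  "saved #{env.params.body["display_name"]?}"
end

post "/profile/ping" do |env|
  # Only reached after the CSRF handler accepted the X_CSRF_TOKEN header.
  "ok"
end

post "/webhooks/payment" do |env|
  # Listed in allowed_routes, so the token is not checked here. Verify the
  # provider's request signature instead (omitted); never leave an exempt
  # route that also accepts a browser session.
  env.response.status_code = 202
  ""
end

Kemal.run
```

Two deployment caveats: the default header name contains underscores, and nginx drops headers with underscores unless underscores_in_headers is enabled, so behind such a proxy either enable that directive or pass a dashed name in header:. Exempting a route via allowed_routes removes the check entirely for that path, so the route must authenticate requests by some means that a victim's browser cannot supply on its own, such as a signature over the body.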

Instance Method Detail

def call(context)

Handler entry point. Applies the rules described in the overview to the request in context: exempt routes and allowed methods pass straight to the next handler, everything else must carry the current token or is answered with 403 and the configured error.

def setup