class
Orion::Middleware::CSRF
- Orion::Middleware::CSRF
- Reference
- Object
Overview
CSRF (Cross-Site Request Forgery) Protection Generates and validates CSRF tokens for state-changing requests
Usage: use Orion::Middleware::CSRF.new(secret: ENV["SECRET_KEY_BASE"])
In views: <%= csrf_token %> # Get token <%= csrf_meta_tags %> # Add meta tags <%= csrf_hidden_field %> # Add hidden form field
Included Modules
- HTTP::Handler
Defined in:
orion/middleware/csrf.crConstant Summary
-
SAFE_METHODS =
["GET", "HEAD", "OPTIONS", "TRACE"] of ::String -
TOKEN_LENGTH =
32
Constructors
Instance Method Summary
- #call(context : HTTP::Server::Context)
- #cookie_name : String
- #cookie_name=(cookie_name : String)
- #header_name : String
- #header_name=(header_name : String)
- #param_name : String
- #param_name=(param_name : String)
- #secret : String
- #secret=(secret : String)
Constructor Detail
def self.new(secret : String, header_name : String = "X-CSRF-Token", param_name : String = "csrf_token", cookie_name : String = "_csrf_token")
#