EllaSource codeContentsIndex
signedCookiesProcessor :: String -> View -> View
data CSRFProtection = CSRFProtection {
csrfViewProcessor :: View -> View
csrfTokenField :: Request -> String
csrfTokenName :: String
csrfTokenValue :: Request -> String
mkCSRFProtection :: Cookie -> View -> String -> CSRFProtection
defaultCSRFRejectView :: View
signedCookiesProcessor :: String -> View -> ViewSource
Create view processor for implementing signed cookies. Pass a secret string (used for hashing), and apply the resulting function as a view processor.
data CSRFProtection Source

CSRF protection

Provides a view processor function and other utility functions for protecting against CSRF using a cookie. It sets a cookie to a random value, provides a function for adding tokens based on the value to outgoing forms, making them unique to each user, and requires incoming POST requests to have the same token.

csrfViewProcessor :: View -> Viewview processor that stops requests without the CSRF token and sets an outgoing cookie.
csrfTokenField :: Request -> Stringfunction that returns a hidden input field to be inserted into forms.
csrfTokenName :: Stringname to use for CSRF token in forms
csrfTokenValue :: Request -> StringReturns the raw CSRF token for a given request
:: Cookiecookie used for basis of CSRF cookie, must have at least name set, value and expires will be overwritten
-> Viewview to be used for rejects
-> Stringsecret string used for hashing
-> CSRFProtection
Creates a CSRFProtection object for the supplied options.
defaultCSRFRejectView :: ViewSource
Produced by Haddock version 2.4.2