Safe Haskell | None |
---|---|
Language | Haskell2010 |
Provides middleware and view protection against CSRF attacks. To ensure maximum protection, turn on the setting "enable-secure-cookies".
- csrfMiddleware :: MonadIO m => WhebHandlerT g s m -> WhebMiddleware g s m
- csrfProtect :: MonadIO m => WhebHandlerT g s m -> WhebHandlerT g s m -> WhebHandlerT g s m
- csrfPassed :: MonadIO m => WhebT a b m Bool
- getCSRFToken :: MonadIO m => WhebT a b m Text
Documentation
csrfMiddleware :: MonadIO m => WhebHandlerT g s m -> WhebMiddleware g s m Source
A middleware to protect ALL incoming POST requests aginst CSRF, throwing the handler upon failure
csrfProtect :: MonadIO m => WhebHandlerT g s m -> WhebHandlerT g s m -> WhebHandlerT g s m Source
Takes a handler to throw when CSRF fails and a handler to run when it succeeds
csrfPassed :: MonadIO m => WhebT a b m Bool Source
CSRF reads a cookie value ("csrf_token") and compares it to either submitted post data (param "csrf_token") or request header (X-CSRF-TOKEN)
getCSRFToken :: MonadIO m => WhebT a b m Text Source
This will get or generate and set a new CSRF Token in the Cookies