Wheb-0.3.1.0: The frictionless WAI Framework

Safe Haskell: None
Language: Haskell2010

Web.Wheb.Plugins.Security

Description

Provides middleware and view protection against CSRF attacks. To ensure maximum protection, turn on the setting "enable-secure-cookies".

Documentation

csrfMiddleware :: MonadIO m => WhebHandlerT g s m -> WhebMiddleware g s m

A middleware to protect ALL incoming POST requests against CSRF, throwing the handler upon failure.

csrfProtect :: MonadIO m => WhebHandlerT g s m -> WhebHandlerT g s m -> WhebHandlerT g s m

Takes a handler to throw when CSRF fails and a handler to run when it succeeds

csrfPassed :: MonadIO m => WhebT a b m Bool

The CSRF check reads a cookie value ("csrf_token") and compares it to either the submitted POST data (param "csrf_token") or the request header (X-CSRF-TOKEN).
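The comparison described for csrfPassed is a double-submit cookie check. The following is an added, stand-alone illustration of that logic and is not Wheb's own code: the `CsrfInputs` record, `constEq` and `doubleSubmitOk` are hypothetical names, the sample requests are constructed, and accepting a match from either the POST param or the header is an assumption.

```haskell
{-# LANGUAGE OverloadedStrings #-}
module Main (main) where

import Data.Bits (xor, (.|.))
import Data.Char (ord)
import Data.List (foldl')
import Data.Maybe (catMaybes)
import Data.Text (Text)
import qualified Data.Text as T

-- | Hypothetical view of a request: only the three inputs the check reads.
data CsrfInputs = CsrfInputs
  { cookieToken :: Maybe Text  -- cookie "csrf_token"
  , postToken   :: Maybe Text  -- POST param "csrf_token"
  , headerToken :: Maybe Text  -- request header X-CSRF-TOKEN
  }

-- | Equality that folds over every character of equal-length inputs
-- instead of stopping at the first mismatch.
constEq :: Text -> Text -> Bool
constEq a b =
  T.length a == T.length b
    && foldl' (.|.) 0 (zipWith xor (codes a) (codes b)) == 0
  where codes = map ord . T.unpack

-- | Passes only when a non-empty cookie token exists and a submitted copy
-- equals it. A missing cookie never passes, even if the submitted value
-- is also empty or absent.
doubleSubmitOk :: CsrfInputs -> Bool
doubleSubmitOk inp = case cookieToken inp of
  Just c | not (T.null c) ->
    or [constEq c s | s <- catMaybes [postToken inp, headerToken inp]]
  _ -> False

-- Constructed sample requests: the first two pass, the rest are rejected.
main :: IO ()
main = mapM_ report
  [ ("form field matches cookie", CsrfInputs (Just "tok123") (Just "tok123") Nothing)
  , ("header matches cookie",     CsrfInputs (Just "tok123") Nothing (Just "tok123"))
  , ("cookie only, no copy sent", CsrfInputs (Just "tok123") Nothing Nothing)
  , ("field differs from cookie", CsrfInputs (Just "tok123") (Just "other") Nothing)
  , ("no cookie, empty field",    CsrfInputs Nothing (Just "") Nothing)
  ]
  where report (label, inp) = putStrLn (label ++ ": " ++ show (doubleSubmitOk inp))
```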

getCSRFToken :: MonadIO m => WhebT a b m Text

Gets the CSRF token from the cookies, or generates a new token and sets it in the cookies.