Struct actix_web::middleware::csrf::CsrfFilter[][src]

pub struct CsrfFilter { /* fields omitted */ }

A middleware that filters cross-site requests.

To construct a CSRF filter:

  1. Call CsrfFilter::build to start building.
  2. Add allowed origins.
  3. Call finish to retrieve the constructed filter.

Example

use actix_web::middleware::csrf;
use actix_web::App;

let app = App::new()
    .middleware(csrf::CsrfFilter::new().allowed_origin("https://www.example.com"));

Methods

impl CsrfFilter
[src]

Start building a CsrfFilter.

Add an origin that is allowed to make requests. Will be verified against the Origin request header.

Allow all requests with an X-Requested-With header.

A cross-site attacker should not be able to send requests with custom headers unless a CORS policy whitelists them. Therefore it should be safe to allow requests with an X-Requested-With header (added automatically by many JavaScript libraries).

This is disabled by default, because in Safari it is possible to circumvent this using redirects and Flash.

Use this method to enable more lax filtering.

Allow requests if the expected Origin header is missing (and there is no Referer to fall back on).

The filter is conservative by default, but it should be safe to allow missing Origin headers because a cross-site attacker cannot prevent the browser from sending Origin on unprotected requests.

Allow cross-site upgrade requests (for example to open a WebSocket).

Trait Implementations

impl Default for CsrfFilter
[src]

Returns the "default value" for a type. Read more

impl<S> Middleware<S> for CsrfFilter
[src]

Method is called when request is ready. It may return future, which should resolve before next middleware get called. Read more

Method is called when handler returns response, but before sending http message to peer. Read more

Method is called after body stream get sent to peer.

Auto Trait Implementations

impl Send for CsrfFilter

impl Sync for CsrfFilter