CsrfPlus (CsrfPlus v0.1.2)
A CSRF (Cross-Site Request Forgery) protection Plug with support for storing accesses.
Functions
The default max age for a token
Digs into the connection data to make a user access information struct.
Put the token in the header. It uses the conn struct to determine the header name.
Params
conn - the connection struct.
signed_token - the signed version of the CSRF token.
Put the token and the given access_id in the session. Uses the conn struct to determine the needed keys.
Params
conn - the connection struct.
token - the unsigned CSRF token.
access_id - the access id. If none is given, no access id is put in the session. Defaults to nil.
Put the token in the store. If a conn_to_access function is implemented in the configured store, that function will be called with the given params to generate the CsrfPlus.UserAccess to be put into the store. Also, have a look at CsrfPlus.Store.Behaviour to see more about the conn_to_access callback.
Params
conn - the connection struct.
token - the unsigned CSRF token.
access_id - the access id. It's required here because a token must be associated with an identifier.
Uses the plug configuration to put the token and its signed version into the store, session and x-csrf-token header.
This function uses the base functions put_session_token/3, put_header_token/2 and put_store_token/3 under the hood, so you can have a look at them for more information about how this function works.
Params
conn - the connection struct.
opts - the options.
Options
The options are a Keyword list with the following keys:
:access_id - the id of the access. If none is given, CsrfPlus will generate one.
:token_tuple - a tuple with the token and its signed version in the format {token, signed_token}. This option is required.
:excludes - a list of tokens to exclude. An excluded token will not be put into its corresponding store, session or header.
Excludes list
:session - do not put the session token.
:header - do not put the header token.
:store - do not put the store token.