
io.pedestal.http.csrf

CSRF protection interceptor support, compatible with ring-anti-forgery


access-denied-response (clj)

(access-denied-response body)

anti-forgery (clj)

(anti-forgery)
(anti-forgery options)

Interceptor that prevents CSRF attacks. Any POST/PUT/PATCH/DELETE request to the handler returned by this function must contain a valid anti-forgery token, or else an access-denied response is returned.

The anti-forgery token can be placed into an HTML page via the ::anti-forgery-token within the request, which is bound to a random key unique to the current session. By default, the token is expected to be in a form field named '__anti-forgery-token', or in the 'X-CSRF-Token' or 'X-XSRF-Token' headers.

This behavior can be customized by supplying a map of options:
  :read-token
    a function that takes a request and returns an anti-forgery token, or nil
    if the token does not exist.
  :cookie-token
    a truthy value, if you want a CSRF double-submit cookie set.
  :error-response
    the response to return if the anti-forgery token is incorrect or missing.
  :error-handler
    a handler function (passed the context) to call if the anti-forgery
    token is incorrect or missing (intended to return a valid response).
  :body-params
    a body-params parser map to use; if none is supplied, the default parsers
    will be used (standard body-params behavior).

Only one of :error-response, :error-handler may be specified.
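
A minimal service using this interceptor, as an added example that is not taken from the Pedestal documentation. The route paths, handler names, port and response bodies are hypothetical, and it assumes the interceptor is wired through the service-map keys `::http/enable-session` and `::http/enable-csrf`, with the latter's map passed to `anti-forgery` as its options.

```clojure
(ns example.csrf-form
  (:require [io.pedestal.http :as http]
            [io.pedestal.http.csrf :as csrf]
            [io.pedestal.http.route :as route]))

;; GET handler (hypothetical): the interceptor has already placed the
;; session-bound token on the request under ::csrf/anti-forgery-token,
;; so the page only has to echo it back in the expected form field.
(defn form-page [request]
  (let [token (::csrf/anti-forgery-token request)]
    {:status  200
     :headers {"Content-Type" "text/html"}
     :body    (str "<form method=\"POST\" action=\"/transfer\">"
                   "<input type=\"hidden\" name=\"__anti-forgery-token\""
                   " value=\"" token "\">"
                   "<input name=\"amount\">"
                   "<button type=\"submit\">Send</button>"
                   "</form>")}))

;; POST handler (hypothetical): only reached when the interceptor accepted
;; the token; otherwise the :error-response below is returned instead.
(defn transfer [_request]
  {:status 200
   :headers {"Content-Type" "text/plain"}
   :body "transfer accepted"})

(def routes
  (route/expand-routes
   #{["/transfer" :get  form-page :route-name :transfer-form]
     ["/transfer" :post transfer  :route-name :transfer-submit]}))

(def service
  {::http/routes routes
   ::http/type   :jetty
   ::http/port   8080            ; hypothetical port
   ;; The token is bound to the session, so sessions must be enabled.
   ::http/enable-session {}
   ;; Options map for anti-forgery. Only one of :error-response and
   ;; :error-handler may be given; this example uses :error-response.
   ::http/enable-csrf
   {:error-response
    (csrf/access-denied-response
     "<h1>Invalid or missing anti-forgery token</h1>")}})

(defn start []
  (-> service http/create-server http/start))
```

A POST to `/transfer` without the hidden field (or one of the two token headers) never reaches `transfer`; the client receives the access-denied response built above.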

anti-forgery-token (clj)


anti-forgery-token-str (clj)


default-error-response (clj)


denied-msg (clj)


existing-token (clj)

(existing-token request)
