Ring middleware to prevent CSRF attacks.
Binding that stores an anti-forgery token that must be included in POST forms or in HTTP headers if the handler is wrapped in the wrap-anti-forgery middleware.
The default session strategy stores the token directly, but other strategies may wrap the token in a delay if the token is expensive to compute. The var should therefore be realized with clojure.core/force before use.
(wrap-anti-forgery handler)
(wrap-anti-forgery handler options)
Middleware that prevents CSRF attacks. Any POST request to the handler returned by this function must contain a valid anti-forgery token, or else an access-denied response is returned.
The anti-forgery token can be placed into a HTML page via the *anti-forgery-token* var, which is bound to a (possibly deferred) token. The token is also available in the request under `:anti-forgery-token`.
By default, the token is expected to be POSTed in a form field named '__anti-forgery-token', or in the 'X-CSRF-Token' or 'X-XSRF-Token' headers.
Accepts the following options:
:read-token - a function that takes a request and returns an anti-forgery token, or nil if the token does not exist
:error-response - the response to return if the anti-forgery token is incorrect or missing
:error-handler - a handler function to call if the anti-forgery token is incorrect or missing
:strategy - a strategy for creating and validating anti-forgery tokens, which must satisfy the ring.middleware.anti-forgery.strategy/Strategy protocol (defaults to the session strategy: ring.middleware.anti-forgery.session/session-strategy)
Only one of :error-response, :error-handler may be specified.
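An added example, not taken from the library's own documentation, showing the middleware wired up with the default session strategy, the token rendered into a form, and a custom :error-handler. The namespace example.csrf, the functions form-page, app-handler and csrf-rejected, and the /transfer route are assumptions made for illustration.

```clojure
(ns example.csrf
  (:require [ring.middleware.anti-forgery
             :refer [wrap-anti-forgery *anti-forgery-token*]]
            [ring.middleware.params :refer [wrap-params]]
            [ring.middleware.session :refer [wrap-session]]))

(defn form-page
  "Hypothetical page: renders a form carrying the token in the default field."
  [_request]
  {:status  200
   :headers {"Content-Type" "text/html; charset=utf-8"}
   ;; force realizes the token whether the strategy bound it directly
   ;; or wrapped it in a delay.
   :body    (str "<form method=\"post\" action=\"/transfer\">"
                 "<input type=\"hidden\" name=\"__anti-forgery-token\" value=\""
                 (force *anti-forgery-token*) "\">"
                 "<button>Send</button></form>")})

(defn app-handler
  "Hypothetical application handler: GET shows the form, anything else acts."
  [request]
  (if (= :get (:request-method request))
    (form-page request)
    {:status 200 :headers {"Content-Type" "text/plain"} :body "transfer accepted"}))

(defn csrf-rejected
  "Hypothetical :error-handler: records the rejection, then denies access."
  [request]
  (println "anti-forgery token missing or incorrect:"
           (:request-method request) (:uri request))
  {:status 403 :headers {"Content-Type" "text/plain"} :body "Invalid anti-forgery token"})

(def app
  (-> app-handler
      ;; Only one of :error-handler / :error-response may be given.
      (wrap-anti-forgery {:error-handler csrf-rejected})
      ;; Parses the form body so the default token lookup can see the field.
      wrap-params
      ;; Must wrap wrap-anti-forgery: the default strategy keeps the token
      ;; in the session.
      wrap-session))

(comment
  ;; Constructed request with no token, evaluated at the REPL without a server.
  (app {:request-method :post :uri "/transfer" :headers {}}))
```

Clients that cannot submit a form field, such as JavaScript sending JSON, can send the same token in the X-CSRF-Token or X-XSRF-Token header instead.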