vweb.csrf #

struct App #

struct App {
	vweb.Context
	csrf_cookie_value string
}

fn (App) csrf_protect #

fn (mut app App) csrf_protect() CheckedApp

csrf_protect - protects a handler-function against CSRF. Should be set at the beginning of the handler-function.

fn (App) get_csrf_token #

fn (mut app App) get_csrf_token() ?string

get_csrf_token - returns the CSRF-Token that has been set. Make sure that you set one by using set_csrf_cookie(). If it's value is empty or no cookie has been generated, the function will throw an error.

fn (App) set_csrf_cookie #

fn (mut app App) set_csrf_cookie(h ...HttpOnly) App

set_csrf_cookie - generates a CSRF-Token and sets the CSRF-Cookie. It is possible to set the HttpOnly-status of the cookie to false by adding an argument of the HttpOnly-struct like this: app.set_csrf_cookie(csrf.HttpOnly{false}) If no argument is set, http_only will be set to trueby default.

struct HttpOnly #

struct HttpOnly {
	http_only bool
}

struct App
struct HttpOnly