Commit 34fdf15

Merge pull request #3 from wiseaidev/csrf-fairing
Csrf fairing
2 parents 0f52983 + e99a970 commit 34fdf15

6 files changed

+460
-62
lines changed

Cargo.toml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
[package]
22
name = "rocket_csrf_token"
3-
version = "0.3.1"
3+
version = "0.3.2"
44
authors = ["Alex Kotov <kotovalexarian@gmail.com>", "Mahmoud Harmouch <oss@wiseai.dev>"]
55
edition = "2021"
66
description = "CSRF (Cross-Site Request Forgery) protection for Rocket web framework"
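Review bot: a patch-level bump to 0.3.2 understates what this merge changes: the `examples/minimal/src/main.rs` hunk below shows that `csrf_token.authenticity_token()` now returns a value that has to be unwrapped, so every existing caller of that public method stops compiling. Under Cargo's semver rules a 0.x crate signals a breaking change with the minor component, so this should be `version = "0.4.0"`, or the old return type should be kept with a new fallible method added beside it.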

README.md

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -115,11 +115,11 @@ See the complete code in [minimal example](examples/minimal).
115115

116116
## TODO
117117

118-
- [ ] Add fairing to verify all requests as an option.
118+
- [X] Add fairing to verify all requests as an option (Requires unit tests).
119+
- [X] Verify `X-CSRF-Token` header (Requires unit tests).
120+
- [X] Set cookie to expire with session (Requires unit tests).
119121
- [ ] Add [data guard](https://api.rocket.rs/v0.5-rc/rocket/data/trait.FromData.html) to verify forms with a guard.
120122
- [ ] Add helpers to render form field.
121-
- [ ] Add helpers to add HTML meta tags for Ajax with `X-CSRF-Token` header.
122-
- [ ] Verify `X-CSRF-Token` header.
123+
- [ ] Add helpers to add HTML meta tags for Ajax with `X-CSRF-Token` header (WIP).
123124
- [ ] Use authenticity token encryption from [Ruby on Rails](https://github.com/rails/rails/blob/v6.0.3.4/actionpack/lib/action_controller/metal/request_forgery_protection.rb).
124125
- [ ] Allow to configure CSRF protection (CSRF token byte length, cookie name, etc.).
125-
- [ ] Set cookie to expire with session.
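Review bot: marking the three items `[X]` while tagging each "(Requires unit tests)" leaves the missing tests untracked; either keep them unchecked until tests land or add explicit unchecked items such as "- [ ] Unit tests for request-verifying fairing", "- [ ] Unit tests for `X-CSRF-Token` header verification" and "- [ ] Unit tests for session-scoped cookie expiry". The README also gains no usage section for the new opt-in fairing or for sending the `X-CSRF-Token` header, so a user reading the TODO list has no way to enable the feature this PR is named after.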

examples/minimal/src/main.rs

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -58,7 +58,7 @@ fn new(
5858
_authenticated: Authenticated,
5959
) -> Template {
6060
let template_context = TemplateContext {
61-
authenticity_token: csrf_token.authenticity_token().to_string(),
61+
authenticity_token: csrf_token.authenticity_token().unwrap().to_string(),
6262
flash: flash.map(|flash| flash.message().to_string()),
6363
};
6464

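Review bot: the `.unwrap()` added on line 61 makes the `new` handler panic whenever `authenticity_token()` yields nothing (for example when the CSRF cookie is absent or the fairing has not run for this request), which surfaces as a 500 instead of a controlled response; even in an example, handle the empty case explicitly, e.g. return an error `Flash`/redirect or propagate it with a `Result`-returning handler, so the example does not teach users to unwrap on a request path.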
@@ -71,7 +71,6 @@ fn create(
7171
form: Form<Comment>,
7272
_authenticated: Authenticated,
7373
) -> Flash<Redirect> {
74-
println!("{:?}", form.authenticity_token);
7574
if let Err(_) = csrf_token.verify(&form.authenticity_token) {
7675
return Flash::error(Redirect::to(uri!(new)), "Invalid authenticity token");
7776
}
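Review bot: dropping the `println!("{:?}", form.authenticity_token)` on line 74 is the right call, since it wrote the submitted CSRF token verbatim to stdout and into any captured logs; the remaining `if let Err(_) = csrf_token.verify(...)` discards the verification error entirely, so consider binding it and logging the error kind (not the token value) at debug level, or simplifying the check to `if csrf_token.verify(&form.authenticity_token).is_err()`.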
