Giraffe.Antiforgery
1.0.0
dotnet add package Giraffe.Antiforgery --version 1.0.0
NuGet\Install-Package Giraffe.Antiforgery -Version 1.0.0
<PackageReference Include="Giraffe.Antiforgery" Version="1.0.0" />
paket add Giraffe.Antiforgery --version 1.0.0
#r "nuget: Giraffe.Antiforgery, 1.0.0"
// Install Giraffe.Antiforgery as a Cake Addin
#addin nuget:?package=Giraffe.Antiforgery&version=1.0.0
// Install Giraffe.Antiforgery as a Cake Tool
#tool nuget:?package=Giraffe.Antiforgery&version=1.0.0
Giraffe.Antiforgery
Provides support for CSRF token generation and validation using the Microsoft.AspNetCore.Antiforgery package.
Getting Started
open Giraffe.Antiforgery
open Giraffe.GiraffeViewEngine.Antiforgery
// rest of code
let formView (token : AntiforgeryTokenSet) =
html [] [
body [] [
form [ _method "post" ] [
antiforgeryInput token
input [ _type "submit"; _value "Submit" ]
]
]
]
let csrfHandler (token : AntiforgeryTokenSet) : HttpHandler =
fun (next: HttpFunc) (ctx : HttpContext) ->
htmlView (formView token) next ctx
let webApp =
choose [
GET >=> choose [
// using htmlView helper
route "/token" >=> choose [
GET >=> csrfHtmlView formView
POST >=> requiresCsrfToken (text "intruder!") >=> text "oh hi there ;)"
]
// manual token handler
route "/token" >=> choose [
GET >=> csrfTokenizer csrfHandler
POST >=> requiresCsrfToken (text "intruder!") >=> text "oh hi there ;)"
]
route "/" >=> text "hello"
]
RequestErrors.NOT_FOUND "Not Found"
]
// rest of code
Handlers
csrfTokenizer
Generates a CSRF token using the Microsoft.AspNetCore.Antiforgery package, which is fed into the provided handler.
csrfTokenizer: (handler : AntiforgeryTokenSet -> HttpHandler) -> (next: HttpFunc) -> (ctx : HttpContext) -> HttpFuncResult
csrfHtmlView
Injects a newly generated CSRF token into a Giraffe.GiraffeViewEngine.XmlNode. Think enriched htmlView.
csrfHtmlView: (view : AntiforgeryTokenSet -> XmlNode) -> (next: HttpFunc) -> (ctx : HttpContext) -> HttpFuncResult
requiresCsrfToken
Checks the presence and validity of CSRF token and calls invalidTokenHandler on failure. Analogous to requiresAuthentication.
requiresCsrfToken: (invalidTokenHandler : HttpHandler) -> (next: HttpFunc) -> (ctx : HttpContext) -> HttpFuncResult
Html
antiforgeryInput
Generates the hidden CSRF input using the Giraffe.GiraffeViewEngine
antiforgeryInput (token : AntiforgeryTokenSet) -> XmlNode
Requires
open Giraffe.GiraffeViewEngine.Antiforgery
| Product | Versions |
|---|---|
| .NET | net5.0 net5.0-windows net6.0 net6.0-android net6.0-ios net6.0-maccatalyst net6.0-macos net6.0-tvos net6.0-windows net7.0 net7.0-android net7.0-ios net7.0-maccatalyst net7.0-macos net7.0-tvos net7.0-windows |
| .NET Core | netcoreapp2.0 netcoreapp2.1 netcoreapp2.2 netcoreapp3.0 netcoreapp3.1 |
| .NET Standard | netstandard2.0 netstandard2.1 |
| .NET Framework | net461 net462 net463 net47 net471 net472 net48 net481 |
| MonoAndroid | monoandroid |
| MonoMac | monomac |
| MonoTouch | monotouch |
| Tizen | tizen40 tizen60 |
| Xamarin.iOS | xamarinios |
| Xamarin.Mac | xamarinmac |
| Xamarin.TVOS | xamarintvos |
| Xamarin.WatchOS | xamarinwatchos |
-
.NETStandard 2.0
- FSharp.Core (>= 4.7.0)
- Giraffe (>= 4.0.1)
- Microsoft.AspNetCore.Antiforgery (>= 2.2.0)
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories
This package is not used by any popular GitHub repositories.
| Version | Downloads | Last updated |
|---|---|---|
| 1.0.0 | 826 | 3/26/2020 |