Giraffe.Antiforgery 1.0.0

Microsoft.AspNetCore.Antiforgery support for the Giraffe web framework.

Install-Package Giraffe.Antiforgery -Version 1.0.0
dotnet add package Giraffe.Antiforgery --version 1.0.0
<PackageReference Include="Giraffe.Antiforgery" Version="1.0.0" />
For projects that support PackageReference, copy this XML node into the project file to reference the package.
paket add Giraffe.Antiforgery --version 1.0.0
The NuGet Team does not provide support for this client. Please contact its maintainers for support.

Giraffe.Antiforgery

Provides support for CSRF token generation and validation using the Microsoft.AspNetCore.Antiforgery package.

Getting Started

open Giraffe.Antiforgery
open Giraffe.GiraffeViewEngine.Antiforgery

// rest of code

let formView (token : AntiforgeryTokenSet) = 
    html [] [
        body [] [
                form [ _method "post" ] [
                        antiforgeryInput token
                        input [ _type "submit"; _value "Submit" ]
                    ]                                
            ]
    ]
	
let csrfHandler (token : AntiforgeryTokenSet) : HttpHandler = 
    fun (next: HttpFunc) (ctx : HttpContext) ->                                
        htmlView (formView token) next ctx

let webApp =
    choose [
        GET >=> choose [
                // using htmlView helper
                route "/token" >=> choose [ 
                        GET  >=> csrfHtmlView formView
                        POST >=> requiresCsrfToken (text "intruder!") >=> text "oh hi there ;)" 
                    ]
                // manual token handler
                route "/token" >=> choose [ 
                    GET  >=> csrfTokenizer csrfHandler
                    POST >=> requiresCsrfToken (text "intruder!") >=> text "oh hi there ;)" 
                ]
                route "/" >=> text "hello" 
            ]
        RequestErrors.NOT_FOUND "Not Found"
    ]

// rest of code

Handlers

csrfTokenizer

Generates a CSRF token using the Microsoft.AspNetCore.Antiforgery package, which is fed into the provided handler.

csrfTokenizer: (handler : AntiforgeryTokenSet -> HttpHandler) -> (next: HttpFunc) -> (ctx : HttpContext) -> HttpFuncResult

csrfHtmlView

Injects a newly generated CSRF token into a Giraffe.GiraffeViewEngine.XmlNode. Think enriched htmlView.

csrfHtmlView: (view : AntiforgeryTokenSet -> XmlNode) -> (next: HttpFunc) -> (ctx : HttpContext) -> HttpFuncResult

requiresCsrfToken

Checks the presence and validity of CSRF token and calls invalidTokenHandler on failure. Analogous to requiresAuthentication.

requiresCsrfToken: (invalidTokenHandler : HttpHandler) -> (next: HttpFunc) -> (ctx : HttpContext) -> HttpFuncResult

Html

antiforgeryInput

Generates the hidden CSRF input using the Giraffe.GiraffeViewEngine

antiforgeryInput (token : AntiforgeryTokenSet) -> XmlNode

Requires open Giraffe.GiraffeViewEngine.Antiforgery

Giraffe.Antiforgery

Provides support for CSRF token generation and validation using the Microsoft.AspNetCore.Antiforgery package.

Getting Started

open Giraffe.Antiforgery
open Giraffe.GiraffeViewEngine.Antiforgery

// rest of code

let formView (token : AntiforgeryTokenSet) = 
    html [] [
        body [] [
                form [ _method "post" ] [
                        antiforgeryInput token
                        input [ _type "submit"; _value "Submit" ]
                    ]                                
            ]
    ]
	
let csrfHandler (token : AntiforgeryTokenSet) : HttpHandler = 
    fun (next: HttpFunc) (ctx : HttpContext) ->                                
        htmlView (formView token) next ctx

let webApp =
    choose [
        GET >=> choose [
                // using htmlView helper
                route "/token" >=> choose [ 
                        GET  >=> csrfHtmlView formView
                        POST >=> requiresCsrfToken (text "intruder!") >=> text "oh hi there ;)" 
                    ]
                // manual token handler
                route "/token" >=> choose [ 
                    GET  >=> csrfTokenizer csrfHandler
                    POST >=> requiresCsrfToken (text "intruder!") >=> text "oh hi there ;)" 
                ]
                route "/" >=> text "hello" 
            ]
        RequestErrors.NOT_FOUND "Not Found"
    ]

// rest of code

Handlers

csrfTokenizer

Generates a CSRF token using the Microsoft.AspNetCore.Antiforgery package, which is fed into the provided handler.

csrfTokenizer: (handler : AntiforgeryTokenSet -> HttpHandler) -> (next: HttpFunc) -> (ctx : HttpContext) -> HttpFuncResult

csrfHtmlView

Injects a newly generated CSRF token into a Giraffe.GiraffeViewEngine.XmlNode. Think enriched htmlView.

csrfHtmlView: (view : AntiforgeryTokenSet -> XmlNode) -> (next: HttpFunc) -> (ctx : HttpContext) -> HttpFuncResult

requiresCsrfToken

Checks the presence and validity of CSRF token and calls invalidTokenHandler on failure. Analogous to requiresAuthentication.

requiresCsrfToken: (invalidTokenHandler : HttpHandler) -> (next: HttpFunc) -> (ctx : HttpContext) -> HttpFuncResult

Html

antiforgeryInput

Generates the hidden CSRF input using the Giraffe.GiraffeViewEngine

antiforgeryInput (token : AntiforgeryTokenSet) -> XmlNode

Requires open Giraffe.GiraffeViewEngine.Antiforgery

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version History

Version Downloads Last updated
1.0.0 79 3/26/2020