Ecosyste.ms: OpenCollective

An open API service for software projects hosted on Open Collective.

github.com/ory/nosurf

Secure, fault tolerant, and maintained CSRF protection middleware for Go.
https://github.com/ory/nosurf

fix: panic when no cookie is sent

26e50f5f5a1be31c0a9328a08a6de3a913641787 authored almost 3 years ago by aeneasr <[email protected]>
chore: format

4d5f0ef873002188d76e0a6b96f9cbea367a4813 authored almost 3 years ago by aeneasr <[email protected]>
fix: choose correct cookie when multiple are set

Resolves an issue where, when multiple CSRF cookies are set, a random one would be used to verif...

d28b877b3f19ae2c072014b580343c3f50ad9ec8 authored almost 3 years ago by aeneasr <[email protected]>
feat: add disable (#6)

* feat: add disable

* ci: run on ubuntu latest

2dc211960426a6473a666b24c8754a8ca9a62c35 authored about 3 years ago by hackerman <[email protected]>
feat: add glob matching to ignore (#5)

a79786e94d31e65311b531b5aa32f2c00b500c8f authored over 3 years ago by hackerman <[email protected]>
fix: delete unused code (#3)

If h.IsIgnored(r) == true, this method will return before in line 149.

6d9ab6cd44d505c62cfbc83ccacc3a455b2d8637 authored over 3 years ago by CedrusZhao <[email protected]>
feat: support contextual cookies

23c700bf2a0971cd1e00094a50bd566133d99630 authored almost 4 years ago by aeneasr <[email protected]>
fix: properly set context even when ignored

d73c7d573022daec422d2622d1357ba151337c83 authored about 4 years ago by aeneasr <[email protected]>
ci: build on push only

c8b86b106f5954a9055c2059925aa8f0e4957cba authored about 4 years ago by hackerman <[email protected]>
ci: add triggers

a692544ead8d836a3835020299822ddf7c580c76 authored about 4 years ago by hackerman <[email protected]>
refactor: remove legacy go support

56bb2a4359366e25644ca7c4a05fd4d9a0b5d351 authored about 4 years ago by aeneasr <[email protected]>
feat: add ignore functionality

70e8a76d8d655c25477c9b98d720d93235a33df8 authored about 4 years ago by aeneasr <[email protected]>
ci: replace travis with gh actions

14ee3cffeeff200bfda284ed2022d00ab4755c78 authored about 4 years ago by aeneasr <[email protected]>
fix: update import paths

dff90fdaa39eba0852f153e5da040f63872d023d authored about 4 years ago by aeneasr <[email protected]>
Prevent multiple `Set-Cookie` headers when calling RegenerateToken

Closes #61

f212597b65083e543be025e32f71bab89adbc085 authored about 4 years ago by aeneasr <[email protected]>
Add failing test case for double cookie setting

See #61

a47ef5388e73f2daaa751bcde157cefcce094d94 authored about 4 years ago by aeneasr <[email protected]>
fix: do not set cookies when exempt

0974feed4f842d0a812553ff09f1773acbbdbef7 authored about 4 years ago by aeneasr <[email protected]>
Merge pull request #60 from aeneasr/fix-verify

Resolve critical vulnerability allowing arbitrary tokens to pass as matching

4d86df7a4affa1fa50ab39fb09aac56c3ce9c314 authored over 4 years ago by Justinas Stankevičius <[email protected]>
Use single source of truth for equality checks (#1)

Enforced a single point of token equality check for all functions. Added a test case to demonstr...

0bc5e56a715eabf128e0a23f441e4fc447438ce8 authored over 4 years ago by Patrik <[email protected]>
Do not ignore decoding errors and other special cases

ee7691f82e7deaf450bb029227e481cfbbdbfb7d authored over 4 years ago by aeneasr <[email protected]>
Make nosurf a Go module

e51517007dc9daa543fc05e7d63f2636815757a3 authored about 5 years ago by Justinas Stankevicius <[email protected]>
Update Go versions in travis

1.0 and 1.1 seem to be gone.

57722cd9c9fefb2b3bcead395926c661307c287c authored about 5 years ago by Justinas Stankevicius <[email protected]>
Merge pull request #49 from alexedwards/master

Return empty string if token does not exist in request context

05988550ea1890c49b702363e53b3afa7aad2b4b authored over 5 years ago by Justinas Stankevičius <[email protected]>
Merge pull request #47 from machiel/feature/customize-cookie-name

Allow setting the name of the CSRF cookie

6453469bdcc9a5da46b528edb797565bbd21c356 authored almost 6 years ago by Justinas Stankevičius <[email protected]>
Merge pull request #50 from lon-io/master

ReadME Fix: Replace `Token(r)` with `nosurf.Token(r)`

3af30e51c05b8f9a64e8bd2d7e088d80d743d75d authored about 6 years ago by Justinas Stankevičius <[email protected]>
Replace Token(r) with nosurf.Token(r)

90dccc324089fda19b3d986bd4db069b09637451 authored over 6 years ago by Lon Ilesanmi <[email protected]>
Return empty string if token does not exist in request context

dffc98af50ffc1a0a705ba1a47ee0f19c3610083 authored over 6 years ago by Alex Edwards <[email protected]>
Allow changing base cookie name

8bf6c626b346189aa2a3bd9b0322a6b1c8eb6ef2 authored almost 7 years ago by Machiel Molenaar <[email protected]>
Update .travis.yml with new Go versions

7182011986c42c33f0a79fd4b07e41edc784532b authored about 7 years ago by Justinas Stankevicius <[email protected]>
Merge pull request #38 from matiasinsaurralde/lint

Simplify code, follow some linter suggestions

cbe5fdb4a426586632a1ff60eca311bd286220f5 authored over 7 years ago by Justinas Stankevičius <[email protected]>
Merge pull request #42 from alexedwards/master

Send a response body in defaultFailureHandler

ef63106238eb2dc6296ef70b254492f17fd288e2 authored over 7 years ago by Justinas Stankevičius <[email protected]>
Send a response body in defaultFailureHandler

cbc1b2e83d2f6c07d928cb98a3217c2de8298389 authored over 7 years ago by Alex Edwards <[email protected]>
Merge pull request #40 from bogem/small

Append whole slice instead of append every single element

109f773634ef3ec08784a0ec9997ea802791bb54 authored over 7 years ago by Justinas Stankevičius <[email protected]>
Append whole slice instead of append every single element

44c7bef5ed09b54ee97da8a7e588e7ec4abc18a0 authored over 7 years ago by Albert Nigmatzianov <[email protected]>
Simplify code

842926618ec724f54d1bafa2a30a527f05eb9d38 authored almost 8 years ago by Matias Insaurralde <[email protected]>
Merge pull request #36 from benmanns/patch-1

Remove reference to now-deleted examples directory

8e15682772641a1e39c431233e6a9338a32def32 authored over 8 years ago by Justinas Stankevičius <[email protected]>
Remove reference to now-deleted examples directory

This was removed in 2e708f28095ba17463e41438bbfd53abae8b6794 to fix #34.

95d4bd711f5a4d2bab62a9766a9a4c0c60b47126 authored over 8 years ago by Benjamin Manns <[email protected]>
Add forgotten files

1fc9c10ddc6bb3a702b086be7d4d9c54e58e41f2 authored over 8 years ago by Justinas Stankevicius <[email protected]>
Fix build and tests for Go < 1.7

6d8c66d202e74f4839e4dafdda37ede04eb40b29 authored over 8 years ago by Justinas Stankevicius <[email protected]>
Move out a go1.7-only test.

751c05d669a9bba5ea8ee6ee19e197e9378cc6c5 authored over 8 years ago by Justinas Stankevicius <[email protected]>
Remove legacy tests

Besides, TestRegenerateToken never worked correctly in the first place

f57d55558e291774f0dff5bb6a2cf5c8f8fe861c authored over 8 years ago by Justinas Stankevicius <[email protected]>
Move out a legacy test

802f975ac1b6a73ee13f2979e05c2d2e55d2b8b8 authored over 8 years ago by Justinas Stankevicius <[email protected]>
Utilize Context on Go 1.7

6595d7d0c127858c13f6baef7aab0000d747bf22 authored over 8 years ago by Justinas Stankevicius <[email protected]>
Add test for token accessibility when using Context

cb8f85f14038b7cc387eea2238388562d9a087d2 authored over 8 years ago by Justinas Stankevicius <[email protected]>
Remove examples (fixes #34).

To be added back in a neater place

2e708f28095ba17463e41438bbfd53abae8b6794 authored over 8 years ago by Justinas Stankevicius <[email protected]>
Cosmetics, typo

15aad14338c4d52da7213594578e93684fe5518c authored about 9 years ago by Justinas Stankevicius <[email protected]>
Merge pull request #32 from wader/use-http-error-content-type

Use http.Error to also set text/plain content type. Fixes #31

677db2686224c1f00a942238adf376fa5c4635cd authored about 9 years ago by Justinas Stankevičius <[email protected]>
Use http.Error to also set text/plain content type

Fixes #31

122db5e3e23aa74d7655c0135a9807ff5a4e22dd authored about 9 years ago by Mattias Wadman <[email protected]>
Remove duplicate link for docs

49e8f43d597476f31c84c07c262a3210a4f26ea6 authored about 9 years ago by Justinas Stankevicius <[email protected]>
Rearrange documentation topics

8dcc5da16ff7f2fede91ef715712cbfdd023d9f4 authored about 9 years ago by Justinas Stankevicius <[email protected]>
Merge pull request #29 from orian/expose-verify-token

Expose VerifyToken.

4de6753aebe408d5f5986525d2124c72b79e96e7 authored about 9 years ago by Justinas Stankevičius <[email protected]>
Fix VerifyToken and add documentation.

291a8141b4fbe75346a0b52b941c39df14c9651e authored about 9 years ago by orian <[email protected]>
Expose VerifyToken.

792ee287213fd27cd2e31c95940dec81cd8f2f0f authored over 9 years ago by orian <[email protected]>
Add CI for Go 1.4

45adcfcaf70610a5934db447ffe0ea9d13462c9e authored over 9 years ago by Justinas Stankevicius <[email protected]>
Move out token extraction, consider multipart values.

d00541e2a55f613838bd429200e12becc2f5b995 authored over 9 years ago by Justinas Stankevicius <[email protected]>
Add a test case for multipart

648608c9ab258e308c92f7696fb7237b02b566c3 authored over 9 years ago by Justinas Stankevicius <[email protected]>
Merge pull request #25 from StableLib/randerr

Make reads of random bytes panic on error.

59b1c02468698e59a8e9b907b61f9a1eb30db620 authored almost 10 years ago by Justinas Stankevičius <[email protected]>
Make reads of random bytes panic on error.

Since we check for availability of random reader on startup, errors on
rand.Reader probably won'...

56b9acacb75cbe43686c2982c2dc1502aa6addfd authored almost 10 years ago by Dmitry Chestnykh <[email protected]>
Update contribution notes

233ade3890238ecca6efa41d94a70d89df132ed6 authored almost 10 years ago by Justinas Stankevicius <[email protected]>
rename testutils.go to testutils_test.go

testutils.go imports "testing" but is included in normal, non-test
builds. This results in any p...

9c632be31ce659dc2e723be9a1da158b4a14a533 authored about 10 years ago by Dominik Honnef <[email protected]>
Merge pull request #20 from dominikh/master

rename testutils.go to testutils_test.go

177cb983cd3dac8bba529d0d52f6989d4442d698 authored about 10 years ago by Justinas Stankevičius <[email protected]>
Merge pull request #15 from paulbellamy/master

Added *CSRFHandler.ExemptFunc, for matching on more complex rules

100c24154ff2b869e95c043ab8f099c18e4d491f authored over 10 years ago by Justinas Stankevičius <[email protected]>
Added *CSRFHandler.ExemptFunc, for matching on more complex rules

73d8fde4a9148cff9db6f60aacf6c9c22dda1fad authored over 10 years ago by Paul Bellamy <[email protected]>
Merge pull request #12 from elithrar/doc-changes

Changed references to encrypt/decrypt to mask/unmask.

ec154dfdfc2d858985df1f0bb137547b1927879f authored over 10 years ago by Justinas Stankevičius <[email protected]>
Merge pull request #14 from elithrar/goji-example-extra

Fleshed out Goji example to show how to apply a custom nosurf instance.

0c2731b9e0048d46cad6a7f155362d4de9fc26b8 authored over 10 years ago by Justinas Stankevičius <[email protected]>
Fixed MaxAge usage.

fcbb674a3ccfbe21839cff47a951c6cf29a095ee authored over 10 years ago by Matt Silverlock <[email protected]>
Fleshed out Goji example to show how to apply a custom nosurf instance.

4bd4675d2cd71ae00a9c6012817335d103d466cb authored over 10 years ago by Matt Silverlock <[email protected]>
Changed references to encrypt/decrypt to mask/unmask.

This change clarifies the actual operation taking place.

1d8719a1488c5ffbf64e149d0fab42a50e9e34f4 authored over 10 years ago by Matt Silverlock <[email protected]>
Merge pull request #10 from elithrar/goji-example

Added Goji (https://goji.io) + nosurf example.

bb544fafc0fa71b0e0dc3a84e07a86077b16f882 authored over 10 years ago by Justinas Stankevičius <[email protected]>
Added Goji (https://goji.io) + nosurf example.

c63ee13517933d0dbd66ce83f029728f984df0f4 authored over 10 years ago by Matt Silverlock <[email protected]>
Merge pull request #9 from bfitzsimmons/patch-1

Fixed possible typo.

62df5b2f3e214380eb5de55867f1b43566ce8fb6 authored over 10 years ago by Justinas Stankevičius <[email protected]>
Fixed possible typo.

3e501e1349f539a9b489085e71a83bc518fe1bd1 authored over 10 years ago by Brant Fitzsimmons <[email protected]>
Remove unnecessary recreation of map.

fce30232cbd46b98caa3a4fdab6856bc5595cebb authored over 10 years ago by Justinas Stankevicius <[email protected]>
Fix the leaking of contexts. Closes #8

8108a85d0c3656e9c07cc936b92c6bc6b6a34288 authored over 10 years ago by Justinas Stankevicius <[email protected]>
Ignore /examples, once again

05d5836528abfe2b1c49dc1ce1bf1d1780aeb76e authored over 10 years ago by Justinas Stankevicius <[email protected]>
Ignore examples/

0be3ca1a965bd31e278e0514392c992db1a17ac4 authored over 10 years ago by Justinas Stankevicius <[email protected]>
Add Go 1.3

f61b078cd9f39b3947fb35ee746ec790ae887550 authored over 10 years ago by Justinas Stankevicius <[email protected]>
Get rid of GoCI cruft

62f061b8c9894394514e889bea709bf1b5bbb8ba authored over 10 years ago by Justinas Stankevicius <[email protected]>
Require Go 1.1

http.Request.PostFormValue() is unavailable in Go 1.0.
The semantical difference between POST an...

c092355c6ce9a25f8a0e965cb10c4d35954d4a53 authored over 10 years ago by Justinas Stankevicius <[email protected]>
Replace GoCI with Travis

c672eed38c983deaecf194db27872c98f198984a authored over 10 years ago by Justinas Stankevicius <[email protected]>
Golint

d0525110046dfa391cc0c532ac61b0bb2489caf0 authored over 10 years ago by Justinas Stankevicius <[email protected]>
Add NewPure()

af442e6bcbe7a63b3e6f5f998edad963d2d0caac authored over 10 years ago by Justinas Stankevicius <[email protected]>
Test checking for PRNG

b3da8cbf9967ae5a9ee645884f98c00e7871f664 authored over 10 years ago by Justinas Stankevicius <[email protected]>
Remove unnecessary double token generation. Fixes #6

0a4d1f2ea3339d3c7e616900f797ef459de58be8 authored almost 11 years ago by Justinas Stankevicius <[email protected]>
go vet

6b646677e9ab868bd89483db4a0cc8f107f4c609 authored almost 11 years ago by Justinas Stankevičius <[email protected]>
Merge: masked tokens (BREACH mitigation)

6f3167802aaa71efc93702b6f11dbc13b09e112f authored about 11 years ago by Justinas Stankevičius <[email protected]>
README update

da1237c9d5da7e55698973b7ba311fb35f59d908 authored about 11 years ago by Justinas Stankevičius <[email protected]>
Finalize handler functionality on encrypted tokens

9bdb354aa4ca1c99f2015e76820f2dde39b65308 authored about 11 years ago by Justinas Stankevičius <[email protected]>
Document types of tokens

21aa91739978dc90dd4dd5b27191c91a71e3cc5e authored about 11 years ago by Justinas Stankevičius <[email protected]>
Context test modifications

184b0c4c8a5c7bc612f4ffbb63978d5d1c16df79 authored about 11 years ago by Justinas Stankevičius <[email protected]>
Documenting context changes

2357f52971b350cd7c17575e9ed18c0defa1e0f9 authored about 11 years ago by Justinas Stankevičius <[email protected]>
generateToken() now returns a raw token

3aacd38c990103085c16b712fbed66c6dacee2ef authored about 11 years ago by Justinas Stankevičius <[email protected]>
No plain tokens anymore

c6538d8c89be507d22243e5316092facdcce3ad3 authored about 11 years ago by Justinas Stankevičius <[email protected]>
More token tests

dba107b4d5b84fa30f3b083aa73a2bac0a31337b authored about 11 years ago by Justinas Stankevičius <[email protected]>
Token verification functions

b322e7aa8a7af6d08dabd5b7646b512c7429b0b1 authored about 11 years ago by Justinas Stankevičius <[email protected]>
"tokengen" -> "token", as it will contain other related funcs

5fb245a6d571f1c81e6debee604e605d8fc4139d authored about 11 years ago by Justinas Stankevičius <[email protected]>
Token encryption functions

079ec5cc32935371bbdc853a452a39aeae9fe0c6 authored about 11 years ago by Justinas Stankevičius <[email protected]>
One time pad implementation

c3fd09853f517d023d4312d140130da0b488fe9a authored about 11 years ago by Justinas Stankevičius <[email protected]>
Oops.

de82713d89eab0fa608db463362301d04fb9bfec authored about 11 years ago by Justinas Stankevičius <[email protected]>
Documentation fix

8a977365ca1989e9ad8466d8d99e1485725a5dca authored about 11 years ago by Justinas Stankevičius <[email protected]>