Ecosyste.ms: OpenCollective
An open API service for software projects hosted on Open Collective.
github.com/ory/nosurf
Secure, fault tolerant, and maintained CSRF protection middleware for Go.
https://github.com/ory/nosurf
Now adds a `Vary: Cookie` header.
3a8872454222c6ff9e69c1ff6005055e73685211 authored about 11 years ago by Justinas Stankevičius <[email protected]>
Workaround for failing GoCI build
The "go" tool fails when it tries to build a directory
where all the files are excluded by curre...
ListenAndServe blocks? Who would've thought!
227d0074d06b181edac897e6114788b43652de1e authored about 11 years ago by Justinas Stankevičius <[email protected]>
merge: The new token generation algorithm. Fixes #1.
7245927c2cec58a9ae6a33179cc7c76363fbb88f authored over 11 years ago by Justinas Stankevičius <[email protected]>
Further elaborating my choice of not caring about the error value
a16ca17ed7550ad9b6759d283817665e7be9f90f authored over 11 years ago by Justinas Stankevičius <[email protected]>
Switched to crypto/rand and removed sha256 hashing
1e09c18c528db4b68d7f4a1a2cbb2c4bd7e465c7 authored over 11 years ago by Justinas Stankevičius <[email protected]>
nil slices work just fine with append/range
729e50c0698ecbd13f404b69c929a4b9826545cd authored over 11 years ago by Justinas Stankevičius <[email protected]>
Oops, a mistake. Of course we *expected* sha256.Size
e46af92ef93490f518dc543b3678eafa10fefcd4 authored over 11 years ago by Justinas Stankevičius <[email protected]>
God dammit, GoCI...
43ef5170206a3b02bde07a86846c7f89600ed9ac authored over 11 years ago by Justinas Stankevičius <[email protected]>
Exempting examples from GoCI
f7d11f0efecc9de4212f8c287fdccda6874a16a3 authored over 11 years ago by Justinas Stankevičius <[email protected]>
Emphasize not requiring any external dependencies
7edb79cd070290f2527a0be752de1c969d3a6fdc authored over 11 years ago by Justinas Stankevičius <[email protected]>
README update
fef7912973d3529355594e0e063d98348356102c authored over 11 years ago by Justinas Stankevičius <[email protected]>
Advanced example for using with net/http
e8bf00e170fa2ee73e3a26ecc624edbd26568e6d authored over 11 years ago by Justinas Stankevičius <[email protected]>
Didn't skip the exempted paths before.
5f23cd998d0e17159d2ee61655e66177a349529d authored over 11 years ago by Justinas Stankevičius <[email protected]>
webgo example
d81abfcc63307cf1a2484c987b66849e145f1249 authored over 11 years ago by Justinas Stankevičius <[email protected]>
The first example
9d3e977d2d28e3ad4994ea59ea7a06e1872210f1 authored over 11 years ago by Justinas Stankevičius <[email protected]>
Duplicates the header. Whatever, it's not vital.
266c40fe618f4a3a5807749abd0996799bd43cd3 authored over 11 years ago by Justinas Stankevičius <[email protected]>
Never call ConstantTimeCompare() with different length slices.
Never.
134f169bcd4db818f9ce509e6a3118ce4cb8ed2b authored over 11 years ago by Justinas Stankevičius <[email protected]>
I somehow FORGOT to complete these tests and messed up.
a3e0c3e69e5a786102e08e17b0b9393c4c39fb6f authored over 11 years ago by Justinas Stankevičius <[email protected]>
A basic README
647d0bac6a68f93a1291e5345297a2dd628c7320 authored over 11 years ago by Justinas Stankevičius <[email protected]>
Documentation cleanups
e21f83711a4c2da14a52d1042353c1638c5c599f authored over 11 years ago by Justinas Stankevičius <[email protected]>
CSRF token check
c03b0171f00b31f5b58c932184e72334a1601291 authored over 11 years ago by Justinas Stankevičius <[email protected]>
Consistent naming
fd98484cb3338daf178f40f39396fcd6c985556a authored over 11 years ago by Justinas Stankevičius <[email protected]>
Referer-based check
b1b164f4ba8d5cfcb75ba0387735ab21fbbe0237 authored over 11 years ago by Justinas Stankevičius <[email protected]>
Token accessibility test
deeea6841be6c25f0be58fbd9b3541b984d12b00 authored over 11 years ago by Justinas Stankevičius <[email protected]>
A helper function for comparing Origins
e971e87c26b8d67f17abfcdfedf23baf76a9a993 authored over 11 years ago by Justinas Stankevičius <[email protected]>
Renew the cookie on success
1640e543b964e298fd86ca73e63e4c3ad08b70bc authored over 11 years ago by Justinas Stankevičius <[email protected]>
Outsource the cookie setting logic
7c9a9c15e5e3d89fd70d17693eabc63f74007b0c authored over 11 years ago by Justinas Stankevičius <[email protected]>
Glob-based exemptions
7a93b7d22dcd9a260b6b175a85a1d76fab1c9ea3 authored over 11 years ago by Justinas Stankevičius <[email protected]>
A documentation update
519ac505fe8985146bed5693b80d6e98b1adee33 authored over 11 years ago by Justinas Stankevičius <[email protected]>
Regexp-based exemption
118c3e7ec29e03cccf66c91b7552db1f50cf7641 authored over 11 years ago by Justinas Stankevičius <[email protected]>
Test for ExemptPaths()
2b6108d34844261bfdd6d9fe09e660158b0d508f authored over 11 years ago by Justinas Stankevičius <[email protected]>
Semantic changes
0cf054968f33e160043dd9927ad91d131c9bdda4 authored over 11 years ago by Justinas Stankevičius <[email protected]>
Exempting an exact path
82f2bb1dad0a35d7cb8df32462d7a224d2b13591 authored over 11 years ago by Justinas Stankevičius <[email protected]>
handleFailure()
8d2c039a38159bb8e9872c18a69d449617903de1 authored over 11 years ago by Justinas Stankevičius <[email protected]>
We exempt paths (like "/home"), not URLs (like "http://dummy.us/home")
f87b002769dabec47425c6d9a5f26eef1f19cf33 authored over 11 years ago by Justinas Stankevičius <[email protected]>
CSRFHandler now *is* a handler: still only checks safe methods
0a7120a5ed03419942cb71afb3ee20726588005e authored over 11 years ago by Justinas Stankevičius <[email protected]>
ctxClear()
862eec4e7d0e418771e9478907328dc0c2abd10b authored over 11 years ago by Justinas Stankevičius <[email protected]>
Prefixing context methods with "ctx".
A name like "setToken()" isn't really clear in this case.
2fd1bf413c38849eb54c374b5bec08cd85fb4676 authored over 11 years ago by Justinas Stankevičius <[email protected]>
And a test for RegenerateToken setting the token in the map.
bfb8713fde2723a9e8758974533c78f77b4e26f4 authored over 11 years ago by Justinas Stankevičius <[email protected]>
This should call setToken itself too
In case RegenerateToken() is called by the user
and not by our own ServeHTTP(),
it should get st...
SetBaseCookie documentation
177210717b9f373cbbd7acefe2dd1b06a7577708 authored over 11 years ago by Justinas Stankevičius <[email protected]>
Basic token regenerating (cookie setting) for requests
faacacac2a4dbd0570b39003ca03f4cadee77784 authored over 11 years ago by Justinas Stankevičius <[email protected]>
A function testing if the given string exists in the slice
31196dc0bcaee9055178f0a1e135bb3c4e8d72f1 authored over 11 years ago by Justinas Stankevičius <[email protected]>
Renaming to differentiate it from *_test.go files
0d01914c1a4e23eb4f3e9afe61ce12e4970d4722 authored over 11 years ago by Justinas Stankevičius <[email protected]>
I suddenly don't like that whitespace anymore
a75b713e36a976c05081b75b42071261481cee95 authored over 11 years ago by Justinas Stankevičius <[email protected]>
A basic token generator
374662494014b6c510a27af4193dce7702459bf5 authored over 11 years ago by Justinas Stankevičius <[email protected]>
Gotta use the real name
082c651b37a4d097c4a70179c502aa1133a20253 authored over 11 years ago by Justinas Stankevičius <[email protected]>
A simple context implementation
930554cbbaee1868563d3f84e10bfb887277d2a6 authored over 11 years ago by Justinas Stankevičius <[email protected]>
Test utils
5ddc5ebdfe66992a2275aaf7e78d706cbb8baca4 authored over 11 years ago by Justinas Stankevičius <[email protected]>
Rephrasing
dab609cd81d0c4f3dbedb58c84ba5deedda93361 authored over 11 years ago by Justinas Stankevičius <[email protected]>
Documentation updates
e4a93994751401172e6eec520fb532a48ff96083 authored over 11 years ago by Justinas Stankevičius <[email protected]>
Handler initialization code.
Isn't even much of a handler,
as it doesn't implement ServeHTTP() just yet.
Vim patterns for gitignore
0b0ed8d38725a7ba70ef4e87610c433bf9ecccba authored over 11 years ago by Justinas Stankevičius <[email protected]>
Initial commit
2adf6670df20d6f8041d6f8b8dcb09bf64c7ac50 authored over 11 years ago by justinas <[email protected]>