Package

purescript-bucketchain-csrf

Repository
Bucketchain/purescript-bucketchain-csrf
License
MIT
Uploaded by
pacchettibotti
Published on
2022-11-19T00:31:05Z

Latest release

A Bucketchain middleware for stateless CSRF protection without token.

Installation

Bower

$ bower install purescript-bucketchain-csrf

Spago

$ spago install bucketchain-csrf

Usage

server :: Effect Server
server = createServer $ middleware1 <<< middleware2

middleware1 :: Middleware
middleware1 = withCSRFProtection
  { host: "example.oreshinya.xyz"
  , origins: [ "http://example.oreshinya.xyz" ]
  }

middleware2 :: Middleware
middleware2 next = do
  http <- ask
  case requestMethod http, requestURL http of
    "POST", "/test" ->
      liftEffect $ Just <$> body "This is test."
    "GET", "/" ->
      liftEffect $ Just <$> body "This is text."
    _, _ ->
      next

This middleware needs 3 headers:

  • Host: Browsers send it automatically.
  • X-From: You should send all request with this header.
  • Origin: Browsers send it automatically.

Documentation

Module documentation is published on Pursuit.

LICENSE

MIT

Modules
Bucketchain.CSRF
Dependencies
purescript-bucketchain >=1.0.1 <2.0.0
purescript-control >=6.0.0 <7.0.0
purescript-effect >=4.0.0 <5.0.0
purescript-foldable-traversable >=6.0.0 <7.0.0
purescript-foreign-object >=4.1.0 <5.0.0
purescript-maybe >=6.0.0 <7.0.0
purescript-prelude >=6.0.1 <7.0.0
purescript-transformers >=6.0.0 <7.0.0