Package

purescript-bucketchain-csrf

Repository
Bucketchain/purescript-bucketchain-csrf
License
MIT
Uploaded by
oreshinya
Published on
2019-01-01

A Bucketchain middleware for stateless CSRF protection that does not use tokens.

Installation

bower install purescript-bucketchain-csrf purescript-bucketchain-cors

Usage

Use it together with the CORS middleware.

server :: Effect Server
server = createServer $ middleware1 <<< middleware2 <<< middleware3

-- CSRF protection: the expected host and the origins allowed to send requests.
middleware1 :: Middleware
middleware1 = withCSRFProtection
  { host: "example.oreshinya.xyz"
  , origins: [ "http://example.oreshinya.xyz", "http://test.oreshinya.xyz" ]
  }

-- CORS middleware configured with the same origins.
middleware2 :: Middleware
middleware2 = withCORS defaultOptions
  { origins = Origins [ "http://example.oreshinya.xyz", "http://test.oreshinya.xyz" ]
  }

-- Application handler: answers POST /test, otherwise passes to the next handler.
middleware3 :: Middleware
middleware3 next = do
  http <- ask
  if requestMethod http == "POST" && requestURL http == "/test"
    then liftEffect $ Just <$> body "This is test."
    else next

This middleware checks the following request headers:

  • Host: checks that it is the configured host (guards against DNS rebinding).
  • X-From: checks that it is an allowed origin. You should send this header with every request.
  • Origin: checks that it is an allowed origin.
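
The three checks above, modelled in JavaScript together with the client-side helper that attaches X-From. This is an added example, not the Bucketchain.CSRF source; the names failedCheck, withXFrom and csrfOptions are hypothetical, and rejecting a missing X-From while tolerating a missing Origin are assumptions of the sketch.

```javascript
// Added illustration, not the Bucketchain.CSRF source.
// Assumptions of this sketch: a missing X-From is rejected, a missing Origin
// is tolerated, and the function/variable names are hypothetical.

// Same option shape as the withCSRFProtection call in the usage example.
const csrfOptions = {
  host: "example.oreshinya.xyz",
  origins: ["http://example.oreshinya.xyz", "http://test.oreshinya.xyz"],
};

// Returns null when every check passes, otherwise the name of the failing header.
function failedCheck(headers, opts) {
  // Header names are case-insensitive, so normalise the constructed input.
  const h = {};
  for (const [name, value] of Object.entries(headers)) h[name.toLowerCase()] = value;

  // Host: a DNS-rebinding request arrives under a name the server does not own.
  if (h["host"] !== opts.host) return "Host";
  // X-From: must be present on every request and name an allowed origin.
  if (!opts.origins.includes(h["x-from"])) return "X-From";
  // Origin: when the browser supplies it, it must be an allowed origin too.
  if (h["origin"] !== undefined && !opts.origins.includes(h["origin"])) return "Origin";
  return null;
}

// Client side: merge X-From into the init object passed to fetch().
function withXFrom(init, pageOrigin) {
  return { ...init, headers: { ...(init.headers || {}), "X-From": pageOrigin } };
}

// Constructed sample requests (header sets only).
const samples = {
  allowed: { Host: "example.oreshinya.xyz", "X-From": "http://test.oreshinya.xyz", Origin: "http://test.oreshinya.xyz" },
  rebinding: { Host: "rebind.invalid", "X-From": "http://example.oreshinya.xyz" },
  // An HTML form post cannot carry a custom header, so X-From is absent.
  plainForm: { Host: "example.oreshinya.xyz", Origin: "http://other.invalid" },
  badOrigin: { Host: "example.oreshinya.xyz", "X-From": "http://example.oreshinya.xyz", Origin: "http://other.invalid" },
};

for (const [label, headers] of Object.entries(samples)) {
  console.log(label, "->", failedCheck(headers, csrfOptions) ?? "pass");
}
```

In a browser the helper would be used as fetch("/test", withXFrom({ method: "POST" }, location.origin)).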

Documentation

Module documentation is published on Pursuit.

LICENSE

MIT

Modules
Bucketchain.CSRF