CsrfMiddleware class

CSRF Protection Middleware using Double Submit Cookie pattern

Generates and validates CSRF tokens to prevent Cross-Site Request Forgery attacks.

Example usage:

final csrfMiddleware = CsrfMiddleware(secretKey: 'your-secret-key-here');
final handler = Pipeline()
  .addMiddleware(csrfMiddleware.middleware())
  .addHandler(router);

Constructors

CsrfMiddleware({required String secretKey, String tokenName = 'X-CSRF-Token', String cookieName = 'XSRF-TOKEN', Duration tokenExpiry = const Duration(hours: 24), List<String> safeMethods = const ['GET', 'HEAD', 'OPTIONS']})

Properties

cookieName → String

final

hashCode → int

The hash code for this object.

no setter, inherited

runtimeType → Type

A representation of the runtime type of the object.

no setter, inherited

safeMethods → List<String>

final

secretKey → String

final

tokenExpiry → Duration

final

tokenName → String

final

Methods

middleware() → Middleware

Creates the CSRF middleware

noSuchMethod(Invocation invocation) → dynamic

Invoked when a nonexistent method or property is accessed.

inherited

toString() → String

A string representation of this object.

inherited

Operators

operator ==(Object other) → bool

The equality operator.

inherited