rocket_csrf
===========

CSRF (Cross-Site Request Forgery) protection for the [Rocket](https://rocket.rs) web framework.

> **WARNING!**
> The implementation is very simple for now and may not be ready for production.

Discussion about CSRF protection in Rocket is [here](https://github.com/SergioBenitez/Rocket/issues/14).

Table of contents
-----------------

* [Overview](#rocket_csrf)
* [Table of contents](#table-of-contents)
* [Usage](#usage)
* [TODO](#todo)

Usage
-----

Attach the [fairing](https://rocket.rs/v0.5-rc/guide/fairings/#fairings) to the Rocket instance:

```rust
#[macro_use] extern crate rocket;
#[macro_use] extern crate serde_derive;

use rocket_dyn_templates::Template;

#[launch]
fn rocket() -> _ {
    // Rocket 0.5 creates the instance with `rocket::build()` (formerly `rocket::ignite()`).
    rocket::build()
        // CSRF fairing with its default configuration.
        .attach(rocket_csrf::Fairing::default())
        .attach(Template::fairing())
        .mount("/", routes![new, create])
}
```

You can also configure the [fairing](https://rocket.rs/v0.5-rc/guide/fairings/#fairings):

```rust
#[launch]
fn rocket() -> _ {
    rocket::build()
        // Override the cookie name, token length and cookie lifetime.
        .attach(rocket_csrf::Fairing::new(
            rocket_csrf::CsrfConfig::default()
                .with_cookie_name("foobar")
                .with_cookie_len(64)
                .with_lifetime(time::Duration::days(3)),
        ))
        .attach(Template::fairing())
        .mount("/", routes![new, create])
}
```

Add the [guard](https://rocket.rs/v0.5-rc/guide/requests/#request-guards) to any request where you need access to the session's CSRF token (e.g. to include it in forms) or need to verify it (e.g. to validate a form):

```rust
use rocket::form::Form;
use rocket::response::Redirect;
use rocket_csrf::CsrfToken;
use rocket_dyn_templates::Template;

#[get("/comments/new")]
fn new(csrf_token: CsrfToken) -> Template {
    // your code
}

#[post("/comments", data = "