rocket_csrf =========== CSRF (Cross-Site Request Forgery) protection for [Rocket](https://rocket.rs) web framework. > **WARNING!** > The implementation is very simple for now and may not be ready for production. Table of contents ----------------- * [Overview](#rocket_csrf) * [Table of contents](#table-of-contents) * [Usage](#usage) * [TODO](#todo) Usage ----- Attach [fairing](https://rocket.rs/v0.4/guide/fairings/#fairings) to the Rocket instance: ```rust #![feature(decl_macro)] #[macro_use] extern crate rocket; #[macro_use] extern crate serde_derive; use rocket_contrib::templates::Template; fn main() { rocket::ignite() .attach(rocket_csrf::Fairing::new()) .attach(Template::fairing()) .mount("/", routes![new, create]) .launch(); } ``` Add [guard](https://rocket.rs/v0.4/guide/requests/#request-guards) to any request where you want to have access to session's CSRF token (e.g. to include it in forms) or verify it (e.g. to validate form): ```rust use rocket::response::Redirect; use rocket::request::Form; use rocket_contrib::templates::Template; use rocket_csrf::CsrfToken; #[get("/comments/new")] fn new(csrf: CsrfToken) -> Template { // your code } #[post("/comments", data = "