11 releases

0.4.0 Jun 16, 2020
0.3.1 Jan 13, 2018
0.3.0 Nov 19, 2017
0.2.2 Jul 11, 2017
0.0.13 Mar 15, 2017

#8 in #csrf

MIT license

37KB
675 lines

iron-csrf

CSRF protection for the Rust web framework Iron.

iron-csrf uses either ChaCha20Poly1305 or AES-GCM to sign and verify timestamped CSRF cookies and their accompanying tokens.

There is an example iron server in the directory ./examples, and more information can be found in the docs hosted at docs.rs. A complete reference implementation can be found on github.

Contributing

Please make all pull requests to the develop branch.

Bugs

This project has a full disclosure policy on security related errors. Please treat these errors like all other bugs and file a public issue. Errors communicated via other channels will be immediately made public.

License

This work is licensed under the MIT license. See LICENSE for details.

Dependencies

~18MB
~342K SLoC