Common Lisp Package: CLACK.MIDDLEWARE.CSRF

# Clack.Middleware.Csrf - Middleware for easy CSRF protection.

## SYNOPSIS

```
;; building application.
(builder <clack-middleware-csrf> app)

;; in CL-EMB template.
<form name="test-form" method="post" action="/">
  <input type="text" name="name" />
  <%= (csrf-html-tag session) %>
  <input type="submit" value="Send" />
</form>
```

## DESCRIPTION

## Block behavior

```
(builder
 <clack-middleware-session>
 (<clack-middleware-csrf>
  :block-app #'(lambda (env)
                 @ignore env
                 '(302
                   (:location "http://en.wikipedia.org/wiki/CSRF")
                   nil)))
 app)
```

## AUTHOR

* Eitarow Fukamachi (e.arrows@gmail.com)

## SEE ALSO

* Clack.Middleware.Session

README:

FUNCTION

Public

CSRF-HTML-TAG (SESSION)

Return an 'input' tag containing a random CSRF token. Note that this has a side effect: the function stores the generated id in the current session when called.

Private

GENERATE-RANDOM-ID

Generate a random token.

MAKE-REQUEST (ENV)

A synonym for (make-instance '<request> ...). Make a <request> instance from an environment plist. The raw-body of the instance is shared, meaning that making an instance of <request> doesn't affect the original raw-body.

Undocumented

DANGER-METHOD-P (REQUEST-METHOD)

RETURN-400 (ENV)

VALID-TOKEN-P (ENV)

GENERIC-FUNCTION

Private

Undocumented

BODY-PARAMETER (REQ &OPTIONAL NAME)

SLOT-ACCESSOR

Private

Undocumented

BLOCK-APP (OBJECT)

(SETF BLOCK-APP) (NEW-VALUE OBJECT)

ONE-TIME-P (OBJECT)

(SETF ONE-TIME-P) (NEW-VALUE OBJECT)

CLASS

Public

<CLACK-MIDDLEWARE-CSRF>

Clack Middleware for easy CSRF protection.
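
The session-stored token that CSRF-HTML-TAG describes implies a check on each state-changing request. The following is an added example of that synchronizer-token check in plain Common Lisp; it is not Clack's source. It assumes a hash table standing in for the session, a plist standing in for the environment, a Unix-like `/dev/urandom`, and hypothetical names throughout (`random-token`, `issue-token`, `check-request`, the `:csrf-token` key, the set of unsafe methods and the one-time behaviour).

```lisp
;;; Added example, not Clack's code. All names here are hypothetical; the
;;; session is a hash table and the request environment is a plist.
(defun random-token (&optional (nbytes 32))
  "Hex token read from the OS CSPRNG (assumes a Unix-like /dev/urandom)."
  (with-open-file (in "/dev/urandom" :element-type '(unsigned-byte 8))
    (let ((buf (make-array nbytes :element-type '(unsigned-byte 8))))
      (read-sequence buf in)
      (format nil "~(~{~2,'0x~}~)" (coerce buf 'list)))))

(defun issue-token (session)
  "What a form helper does: mint a token and remember it in the session."
  (setf (gethash :csrf-token session) (random-token)))

(defun constant-time-equal (a b)
  "Compare two strings without stopping at the first mismatch."
  (and (stringp a) (stringp b)        ; a missing token never matches
       (= (length a) (length b))
       (zerop (reduce #'logior
                      (map 'list
                           (lambda (x y) (logxor (char-code x) (char-code y)))
                           a b)
                      :initial-value 0))))

(defun unsafe-method-p (method)
  "Assumed set of state-changing HTTP methods."
  (member method '(:post :put :delete :patch)))

(defun check-request (env session &key one-time)
  "Return :PASS or :BLOCK for ENV (keys :request-method and :csrf-token)."
  (cond ((not (unsafe-method-p (getf env :request-method))) :pass)
        ;; NIL on both sides must not count as a match, hence the STRINGP guard.
        ((constant-time-equal (getf env :csrf-token)
                              (gethash :csrf-token session))
         (when one-time (remhash :csrf-token session)) ; token is single-use
         :pass)
        (t :block)))

;; Constructed requests exercising each branch.
(let* ((session (make-hash-table))
       (forged  (list :request-method :post :csrf-token "forged")))
  (assert (eq :block (check-request '(:request-method :post) session)))
  (let ((good (list :request-method :post :csrf-token (issue-token session))))
    (assert (eq :pass  (check-request '(:request-method :get) session)))
    (assert (eq :block (check-request forged session)))
    (assert (eq :pass  (check-request good session :one-time t)))
    (assert (eq :block (check-request good session :one-time t)))))
```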