github.com/google/go-safeweb@v0.0.0-20231219055052-64d8cfc90fbb/safehttp/plugins/xsrf/xsrf.go (about)

     1  // Copyright 2020 Google LLC
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //	https://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  // Package xsrf contains helper functions for the safehttp.Interceptor that
    16  // provide protection against Cross-Site Request Forgery attacks.
    17  package xsrf
    18  
    19  import (
    20  	"github.com/google/go-safeweb/safehttp"
    21  )
    22  
// statePreservingMethods is the set of HTTP methods that StatePreserving
// reports as state preserving. A lookup of a method that is not a key of this
// map yields false, so every method not listed here is classified as state
// changing.
var statePreservingMethods = map[string]bool{
	safehttp.MethodOptions: true,
	safehttp.MethodHead:    true,
	safehttp.MethodGet:     true,
}
    28  
// StatePreserving reports whether r uses one of the HTTP methods listed in
// statePreservingMethods (safehttp.MethodGet, safehttp.MethodHead or
// safehttp.MethodOptions).
//
// The decision is made from the request method alone, by exact string match.
// Any other method, including one the map does not know about, is reported as
// not state preserving. A handler that changes server state in response to one
// of the listed methods is still reported as state preserving.
//
// NOTE(review): callers that skip XSRF validation based on this result depend
// on handlers for these methods not mutating state. Confirm against the
// interceptors that use it.
func StatePreserving(r *safehttp.IncomingRequest) bool {
	preserving, listed := statePreservingMethods[r.Method()]
	return listed && preserving
}