Skip to main content

ASGI middleware for protecting against CSRF attacks

Project description

asgi-csrf

PyPI CircleCI License

ASGI middleware for protecting against CSRF attacks

This is a preview release - do not assume that this is robust and secure just yet.

Installation

pip install asgi-csrf

Background

See the OWASP guide to Cross Site Request Forgery (CSRF) and their Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet.

This middleware implements the Double Submit Cookie pattern, where a cookie is set that is then compared to a csrftoken hidden form field or a x-csrftoken HTTP header.

Limitations

  • Brand new. Not extensively tested. Do not trust this yet.
  • Currently only works for application/x-www-form-urlencoded forms, not multipart/form-data forms (with file uploads)

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for asgi-csrf, version 0.2.2a0
Filename, size File type Python version Upload date Hashes
Filename, size asgi_csrf-0.2.2a0-py3-none-any.whl (7.8 kB) File type Wheel Python version py3 Upload date Hashes View

Supported by

Pingdom Pingdom Monitoring Google Google Object Storage and Download Analytics Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN DigiCert DigiCert EV certificate StatusPage StatusPage Status page