ASGI middleware for protecting against CSRF attacks

Project description

asgi-csrf

ASGI middleware for protecting against CSRF attacks

This is a preview release - do not assume that this is robust and secure just yet.

Installation

pip install asgi-csrf

Background

See the OWASP guide to Cross Site Request Forgery (CSRF) and their Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet.

This middleware implements the Double Submit Cookie pattern, where a cookie is set that is then compared to a csrftoken hidden form field or a x-csrftoken HTTP header.

Limitations

Brand new. Not extensively tested. Do not trust this yet.
Currently only works for application/x-www-form-urlencoded forms, not multipart/form-data forms (with file uploads)

Project details

Release history Release notifications | RSS feed

0.10

Aug 15, 2024

0.9

Jun 23, 2021

0.8

Jan 23, 2021

0.7.2

Jan 23, 2021

0.7.1

Aug 27, 2020

0.7

Aug 15, 2020

0.7a0 pre-release

Aug 15, 2020

0.6.1

Aug 9, 2020

0.6

Jul 1, 2020

0.5.1

Jun 6, 2020

0.5

Jun 5, 2020

0.4

Jun 5, 2020

0.3.1

Jun 5, 2020

0.3

Jun 3, 2020

This version

0.2.2a0 pre-release

Mar 2, 2020

0.2.1a0 pre-release

Mar 2, 2020

0.2a0 pre-release

Mar 2, 2020

0.1a0 pre-release

Mar 1, 2020

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distributions

No source distribution files available for this release.See tutorial on generating distribution archives.

Built Distribution

asgi_csrf-0.2.2a0-py3-none-any.whl (7.8 kB view hashes)

Uploaded Mar 2, 2020 Python 3

Hashes for asgi_csrf-0.2.2a0-py3-none-any.whl

Hashes for asgi_csrf-0.2.2a0-py3-none-any.whl
Algorithm	Hash digest
SHA256	`3d99bdb2fc81180a8fd8ca15433de2e94eb0b9ed71bc752893213cdc5dcab70c`
MD5	`c5d21f5136675ea4bd45e42e1d84ae68`
BLAKE2b-256	`3fc9e772f521e31bc8eb3de0c81c8d81c8448aed92c25bdad5cafea3ea0fe8c6`