VerifyOrigin

v1.0.0

VerifyOrigin v1.0.0 VerifyOrigin View Source

A Plug adapter to protect from CSRF attacks by verifying the Origin header.

Options

  • :origin - The origin of the server - requests from this origin will always proceed. Defaults to the default hostname configured for your application's endpoint.
  • :strict - Whether to reject requests that lack an Origin header. Defaults to true.
  • :allow_safe - Whether to enforce the strict mode for safe requests (GET, HEAD). Defaults to true.
  • :fallback_to_referer - If the Origin header is missing, fill it with the origin part of the Referer. Defaults to false.

Link to this section Summary

Functions

call(conn, config)
init(opts \\ [])

Link to this section Functions

Link to this function

call(conn, config)

View Source
Link to this function

init(opts \\ [])

View Source