CSRF Protection
CSRF Protection Middleware prevents CSRF attacks by checking request headers.
This middleware protects against CSRF attacks, such as those submitted with a form element, by comparing the value of the `Origin` header with the requested URL.
This middleware may not work well with old browsers that do not send the `Origin` header, or in environments where a reverse proxy removes the `Origin` header. In such environments, use the other CSRF token methods.
Import
```ts
import { Hono } from 'hono'
import { csrf } from 'hono/csrf'
```
Usage
```ts
const app = new Hono()

// Default: the Origin header must match the origin of the requested URL
app.use(csrf())

// Specifying allowed origins with the `origin` option.
// Values are compared with the Origin header, so include the scheme.

// string
app.use(csrf({ origin: 'https://myapp.example.com' }))

// string[]
app.use(
  csrf({
    origin: [
      'https://myapp.example.com',
      'https://development.myapp.example.com',
    ],
  })
)

// Function
// It is strongly recommended to verify the protocol and to anchor the
// match at the end of the value with `$`.
// You should *never* do a forward match.
app.use(
  '*',
  csrf({
    origin: (origin) =>
      /https:\/\/(\w+\.)?myapp\.example\.com$/.test(origin),
  })
)
```
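Why the function form must verify the protocol and anchor at `$`, as an added example that is not part of the Hono documentation or code base: it runs a forward match and the pattern from the usage above over the same constructed `Origin` values. The names `forwardMatch`, `anchoredMatch`, `accepted` and the host `other.example` are assumptions made for illustration.

```typescript
// Added example (not Hono code): validators of the shape accepted by
// csrf({ origin: (origin) => boolean }). All names here are illustrative.
type OriginCheck = (origin: string) => boolean

// Forward (prefix) match: only the start of the value is checked.
const forwardMatch: OriginCheck = (origin) =>
  /^https:\/\/myapp\.example\.com/.test(origin)

// Pattern from the usage section: protocol verified, end anchored with `$`.
const anchoredMatch: OriginCheck = (origin) =>
  /https:\/\/(\w+\.)?myapp\.example\.com$/.test(origin)

// Constructed Origin header values for the comparison.
const samples: string[] = [
  'https://myapp.example.com',
  'https://development.myapp.example.com',
  'http://myapp.example.com', // wrong protocol
  'https://myapp.example.com.other.example', // trusted name is only a prefix
  'https://notmyapp.example.com', // different host ending in the same text
  'https://my-dev.myapp.example.com', // `\w` does not match `-`
]

// Returns the sample origins a validator would let through.
function accepted(check: OriginCheck): string[] {
  return samples.filter((o) => check(o))
}

console.log('forward match accepts:', accepted(forwardMatch))
console.log('anchored match accepts:', accepted(anchoredMatch))
```

The anchored pattern also rejects the hyphenated subdomain, so it fails closed; if such hosts are legitimate, widen the label class deliberately rather than loosening the anchors.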
Options
optional origin: `string` | `string[]` | `Function`
Specify origins.