| Overview |  |
context() = term() | undefined
csrf_token() = list() | undefined
| csrf_token/2 | Generate a new CSRF token. |
| enforce_auth/2 | Intended to be called from a webmachine resource's is_authorized function. |
| is_null_origin/1 | Check if the Origin header is "null". |
| is_protected/2 | Is this a protected?. |
| is_valid_csrf_token/2 | Ensure this request contains a valid csrf protection token. |
| scheme_is_available/2 | Enforce use of HTTPS only when a valid auth scheme is enabled. |
csrf_token(ReqData::wrq:reqdata(), Context::context()) -> csrf_token()
Generate a new CSRF token.
enforce_auth(RD::wrq:reqdata(), Ctx::context()) -> {boolean(), wrq:reqdata(), context()}
Intended to be called from a webmachine resource's
is_authorized function. The return value is a valid resource
return value ({Result, ReqData, Context}).
This function checks for valid authentication in the request. If
the authentication is valid, true is returned. If it is invalid,
the value for the response WWW-Authenticate header is returned.
The correct credentials are controled by the appenv
riak_control:auth. Valid values include:
- userlist :: riak_control:userlist will contain a list of
{"user","pass"} pairs that are used.
none :: No authentication.
is_null_origin(ReqData::wrq:reqdata()) -> boolean()
Check if the Origin header is "null". This is useful to look for attempts at CSRF, but is not a complete answer to the problem.
is_protected(ReqData::wrq:reqdata(), Context::context()) -> boolean()
Is this a protected?
is_valid_csrf_token(ReqData::wrq:reqdata(), Context::context()) -> boolean()
Ensure this request contains a valid csrf protection token.
scheme_is_available(RD::wrq:reqdata(), Ctx::context()) -> {boolean(), wrq:reqdata(), context()}
Enforce use of HTTPS only when a valid auth scheme is enabled.
Generated by EDoc