CSRF protection for the Rust web framework Iron.
iron-csrf uses either ChaCha20Poly1305 or AES-GCM to sign and verify timestamped
CSRF cookies and their accompanying tokens.
There is an example iron server in the directory ./examples, and more
information can be found in the docs hosted at docs.rs.
A complete reference implementation can be found on
github.
Please make all pull requests to the develop branch.
This project has a full disclosure policy on security related errors. Please treat these errors like all other bugs and file a public issue. Errors communicated via other channels will be immediately made public.
This work is licensed under the MIT license. See LICENSE for details.