Kyle Isom 27f81c81ac Add csrf package: HMAC-SHA256 double-submit cookies ...

- Protect with configurable secret, cookie name, field name
- Middleware validates POST/PUT/PATCH/DELETE, passes GET/HEAD/OPTIONS
- SetToken generates token and sets HttpOnly/Secure/SameSite=Strict cookie
- TemplateFunc returns FuncMap with csrfField helper for templates
- Token format: base64(nonce).base64(HMAC-SHA256(secret, nonce))
- 10 tests

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-03-25 16:29:42 -07:00

4.0 KiB

Raw Permalink Blame History

View Raw