CSRF or XSRF
CSRF or XSRF (cross-site request forgery) is a security vulnerability and attack method in web applications. It tricks a user's browser into sending requests the user did not intend to a site where the user is already authenticated, so the site carries out actions on the user's behalf.
Available ASGI CSRF Middlewares
These middlewares can be configured like any other ASGI middleware, as shown in the middleware docs, to work in Ellar.
For example, using the Starlette CSRF middleware (`starlette_csrf`):
```python
# config.py
import typing as t

from ellar.core.middleware import Middleware
from ellar.core.conf import ConfigDefaultTypesMixin
from starlette_csrf import CSRFMiddleware


class Development(ConfigDefaultTypesMixin):
    DEBUG: bool = True
    SECRET_KEY = "xxxxxxxxxxxxxx"  # placeholder; use a long random value per deployment

    # Application middlewares
    MIDDLEWARE: t.Sequence[Middleware] = [
        Middleware(
            CSRFMiddleware,
            secret=SECRET_KEY,  # key used to sign the CSRF cookie
            cookie_name="csrftoken",
            # requests with these methods are not checked; everything else must carry a token
            safe_methods={"GET", "HEAD", "OPTIONS", "TRACE"},
        )
    ]
```
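To show what the middleware above enforces, here is an added example (not Ellar's or starlette-csrf's own code) of the double-submit-cookie rule that starlette-csrf implements: the token cookie is signed with the secret, safe methods pass untouched, and every other request must repeat the cookie value in a header. It assumes the `x-csrftoken` header name and a stdlib HMAC signature in place of the library's own serializer; the requests are constructed inline.

```python
import hashlib
import hmac
import secrets

SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}
COOKIE_NAME = "csrftoken"
HEADER_NAME = "x-csrftoken"  # assumed header name for this example


def sign_token(secret: str, raw: str) -> str:
    """Return 'raw.signature' so a cookie forged without the secret is rejected."""
    sig = hmac.new(secret.encode(), raw.encode(), hashlib.sha256).hexdigest()
    return f"{raw}.{sig}"


def verify_token(secret: str, token: str) -> bool:
    raw, _, sig = token.rpartition(".")
    if not raw or not sig:
        return False
    expected = hmac.new(secret.encode(), raw.encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, sig)


def new_token(secret: str) -> str:
    """Token the server would set as the csrftoken cookie on a first response."""
    return sign_token(secret, secrets.token_urlsafe(32))


def csrf_check(secret: str, method: str, cookies: dict, headers: dict,
               safe_methods: set = SAFE_METHODS) -> tuple[int, str]:
    """Stand-in for the middleware decision: (status, reason)."""
    if method.upper() in safe_methods:
        return 200, "safe method, no CSRF check"
    cookie = cookies.get(COOKIE_NAME)
    header = {k.lower(): v for k, v in headers.items()}.get(HEADER_NAME)
    if not cookie or not verify_token(secret, cookie):
        return 403, "missing or unsigned CSRF cookie"
    # A cross-site form post carries the cookie automatically but cannot set
    # a custom header, so the header is what proves the request is first-party.
    if header is None or not hmac.compare_digest(cookie, header):
        return 403, "CSRF header missing or does not match cookie"
    return 200, "CSRF check passed"


if __name__ == "__main__":
    secret, tok = "xxxxxxxxxxxxxx", new_token("xxxxxxxxxxxxxx")  # constructed values
    print(csrf_check(secret, "POST", {COOKIE_NAME: tok}, {}))                  # cross-site post: 403
    print(csrf_check(secret, "POST", {COOKIE_NAME: tok}, {"X-CSRFToken": tok}))  # first-party: 200
```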
CORS
Cross-origin resource sharing (CORS) is a mechanism that lets a page request resources from an origin other than the one that served it. Under the hood, Ellar registers a CORS middleware and exposes CORS options in the application configuration for customization. See the CORS configuration docs for how to configure it.