All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
- Added support for
actix-multipart
via the feature of the same name (#16; thanks @siblingsofthevoid)
- Bump MSRV to 1.72.0 (#14; thanks @siblingsofthevoid)
- Bumped
base64
to 0.21 (#11; thanks @tbarri)
- Added
Crsf::into_inner
(#6; thanks @Conni2461)
- Since
actix-web
was updated to 4.1.0, the MSRV was changed to 1.59.actix-csrf
will followactix-web
and will build against 1.59.
- Routes with path info will properly be matched against a CRSF token (#8; thanks @Conni2461)
- Added
CsrfMiddleware::host_prefixed_cookie_name
andCsrfMiddleware::secure_prefixed_cookie_name
. - Added
CsrfMiddleware::cookie_config
to help create aCsrfCookieConfig
from the current middleware state. This primarily is useful if the cookie name was changed. - Added
CsrfMiddleware::domain
, which sets theDomain
attribute of the set cookie and downgrades the__Host-
prefix to__Secure-
if it exists.
- Fixed
CsrfMiddleware
constructor docs. - Fixed
CsrfCookieConfig
docs. actix-csrf
compiles with Rust 1.54.0. This is not a guarantee, but a best effort attempt.
- Added constructors for
CsrfCookieConfig
andCsrfHeaderConfig
.
- Updated
cookie
to v0.16.
- Specify no default features for dependencies.
- Updated for
actix-web
v4.0.0
- Updated for
actix-web
v4.0.0-beta.13
- A
Csrf
extractor that wraps around other extractors has been added. in conjunction with theCsrfGuarded
trait, this provides a difficult to misuse API over the implementation in previous versions.
Csrf
is now namedCsrfMiddleware
.CsrfMiddleware
no longer validates requests; that functionality has been moved to theCsrf
extractor.CsrfMiddleware::set_cookie
andCsrfMiddleware::cookie_name
now accept aimpl Into<String>
instead ofimpl ToString
.actix_csrf
now depends onserde
and no longer has aserde
feature.TokenRng
has been moved to the crate root.
Serialize
andDeserialize
are now properly imported.
- Users can now specify the
serde
feature, which currently only implementsSerialize
andDeserialize
forCsrfToken
.
- Updated
actix-csrf
to be compatible withactix
versions 4.0.0 or newer.