fiber Architecture Docs
Home / Type/ Config Type — fiber Architecture

Config Type — fiber Architecture

Architecture documentation for the Config type/interface in config.go from the fiber codebase.

Type go

Entity Profile

Dependency Diagram

graph TD
  e0dfc879_9d6d_b085_5ac3_fe714dda269a["Config"]
  077ca922_400b_9f3f_bb69_e8f547a31678["config.go"]
  e0dfc879_9d6d_b085_5ac3_fe714dda269a -->|defined in| 077ca922_400b_9f3f_bb69_e8f547a31678
  style e0dfc879_9d6d_b085_5ac3_fe714dda269a fill:#6366f1,stroke:#818cf8,color:#fff

Relationship Graph

Source Code

middleware/csrf/config.go lines 15–125

type Config struct {
	// Storage is used to store the state of the middleware.
	//
	// Optional. Default: memory.New()
	// Ignored if Session is set.
	Storage fiber.Storage

	// Next defines a function to skip this middleware when returned true.
	//
	// Optional. Default: nil
	Next func(c fiber.Ctx) bool

	// Session is used to store the state of the middleware.
	//
	// Optional. Default: nil
	// If set, the middleware will use the session store instead of the storage.
	Session *session.Store

	// KeyGenerator creates a new CSRF token.
	//
	// Optional. Default: utils.SecureToken
	KeyGenerator func() string

	// ErrorHandler is executed when an error is returned from fiber.Handler.
	//
	// Optional. Default: defaultErrorHandler
	ErrorHandler fiber.ErrorHandler

	// CookieName is the name of the CSRF cookie.
	//
	// Optional. Default: "csrf_"
	CookieName string

	// CookieDomain is the domain of the CSRF cookie.
	//
	// Optional. Default: ""
	CookieDomain string

	// CookiePath is the path of the CSRF cookie.
	//
	// Optional. Default: ""
	CookiePath string

	// CookieSameSite is the SameSite attribute of the CSRF cookie.
	//
	// Optional. Default: "Lax"
	CookieSameSite string

	// TrustedOrigins is a list of trusted origins for unsafe requests.
	// For requests that use the Origin header, the origin must match the
	// Host header or one of the TrustedOrigins.
	// For secure requests that do not include the Origin header, the Referer
	// header must match the Host header or one of the TrustedOrigins.
	//
	// This supports matching subdomains at any level. This means you can use a value like
	// "https://*.example.com" to allow any subdomain of example.com to submit requests,
	// including multiple subdomain levels such as "https://sub.sub.example.com".
	//
	// Optional. Default: []
	TrustedOrigins []string

	// Extractor returns the CSRF token from the request.
	//
	// Optional. Default: extractors.FromHeader("X-Csrf-Token")
	//
	// Available extractors from github.com/gofiber/fiber/v3/extractors:
	//   - extractors.FromHeader("X-Csrf-Token"): Most secure, recommended for APIs
	//   - extractors.FromForm("_csrf"): Secure, recommended for form submissions
	//   - extractors.FromQuery("csrf_token"): Less secure, URLs may be logged
	//   - extractors.FromParam("csrf"): Less secure, URLs may be logged
	//   - extractors.Chain(...): Advanced chaining of multiple extractors
	//
	// See the Extractors Guide for complete documentation:
	// https://docs.gofiber.io/guide/extractors
	//
	// WARNING: Never create custom extractors that read from cookies with the same
	// CookieName as this defeats CSRF protection entirely.
	Extractor extractors.Extractor

	// IdleTimeout is the duration of time the CSRF token is valid.
	//

Defined In

Source

Frequently Asked Questions

What is the Config type?
Config is a type/interface in the fiber codebase, defined in middleware/csrf/config.go.
Where is Config defined?
Config is defined in middleware/csrf/config.go at line 15.

Analyze Your Own Codebase

Get architecture documentation, dependency graphs, and domain analysis for your codebase in minutes.

Try Supermodel Free