This PR allows selection of csrfTokenPattern to be used. Support for HMAC based token pattern and encryption based token pattern added. Defaults to double submit cookie pattern.
Closes #121
Thanks @dougwilson for helping out in opening up PR creation for non-existing collaborators like me, who would love to contribute in this repository.
Team, please let me know your reviews. I have added new test cases too. Old ones need not be changed as the change is backward compatible.
While going through the OWASP documentation, I realized that we can have the csrfTokenPattern as an input for a pattern factory that helps select and execute the generation of the token and its validation. Also the factory design will help in pluggable implementation of more patterns in future.
This PR allows selection of
csrfTokenPattern
to be used. Support for HMAC based token pattern and encryption based token pattern added. Defaults to double submit cookie pattern.Closes #121
Thanks @dougwilson for helping out in opening up PR creation for non-existing collaborators like me, who would love to contribute in this repository.
Team, please let me know your reviews. I have added new test cases too. Old ones need not be changed as the change is backward compatible.
While going through the OWASP documentation, I realized that we can have the csrfTokenPattern as an input for a pattern factory that helps select and execute the generation of the token and its validation. Also the factory design will help in pluggable implementation of more patterns in future.