CookieName changes the name of the CSRF cookie issued to clients.

Domain sets the cookie domain.

FieldName allows you to change the name attribute of the hidden <input> field inspected by this package.

HttpOnly sets the 'HttpOnly' flag on the cookie.

MaxAge sets the maximum age (in seconds) of a CSRF token's underlying cookie.

Path sets the cookie path.

RequestHeader allows you to change the request header the CSRF middleware inspects.

SameSite sets the cookie SameSite attribute.

Secure sets the 'Secure' flag on the cookie.

TemplateField is a template helper for html/template that provides an <input> field populated with a CSRF token.

Token returns a masked CSRF token ready for passing into HTML template or a JSON response body.

TrustedOrigins configures a set of origins (Referers) that are considered as trusted.

SameSiteDefaultMode sets the `SameSite` cookie attribute, which is invalid in some older browsers due to changes in the SameSite spec.

SameSite options.

SameSite options.

SameSite options.

ErrBadReferer is returned when the scheme & host in the URL do not match the supplied Referer header.

ErrBadToken is returned if the CSRF token in the request does not match the token in the session, or is otherwise malformed.

ErrNoReferer is returned when a HTTPS request provides an empty Referer header.

ErrNoToken is returned if no CSRF token is supplied in the request.

TemplateTag provides a default template tag - e.g.

Option describes a functional option for configuring the CSRF handler.

SameSiteMode allows a server to define a cookie attribute making it impossible for the browser to send this cookie along with cross-site requests.