CSRF protection using HMAC-signed state tokens (RFC 5869, RFC 2104)

ocaml-csrf: fix README verify_state arity

[Csrf.verify_state] takes [~secret] and the signed string and returns
[string option]; the README called it with an extra positional payload
argument. Verify the round-trip via [match ... with | Some payload ->
assert ...].

+5 -3
README.md
··· 29 29 when the browser returns: 30 30 31 31 ```ocaml 32 - let state = Csrf.sign_state ~secret:"server secret" "oauth-login" 32 + let signed = Csrf.sign_state ~secret:"server secret" "oauth-login" 33 33 34 - let authorized = 35 - Csrf.verify_state ~secret:"server secret" state "oauth-login" 34 + let () = 35 + match Csrf.verify_state ~secret:"server secret" signed with 36 + | Some payload -> assert (payload = "oauth-login") 37 + | None -> failwith "tampered state" 36 38 ```
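Review bot: In the new `| Some payload -> assert (payload = "oauth-login")` arm, the payload check is an `assert`, which the compiler drops under `-noassert`, so a reader who copies this example into a build with that flag would accept any validly signed state regardless of its payload. Matching the expected value directly keeps the check unconditional: `| Some "oauth-login" -> ()` followed by `| Some _ | None -> failwith "invalid state"`. The literal `"server secret"` is also repeated in both calls; binding it once (`let secret = ...`) would make it clear that signing and verification must use the same key.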