built-in CSRF protect

First Check

• I added a very descriptive title to this issue.
• I used the GitHub search to find a similar issue and didn’t find it.
• I searched the FastAPI documentation, with the integrated search.
• I already searched in Google “How to X in FastAPI” and didn’t find any information.
• I already read and followed all the tutorial in the docs and didn’t find an answer.
• I already checked if it is not related to FastAPI but to Pydantic.
• I already checked if it is not related to FastAPI but to Swagger UI.
• I already checked if it is not related to FastAPI but to ReDoc.

Commit to Help

• I commit to help with one of those options 👆

Example Code

from fastapi import FastAPI

app = FastAPI()


@app.get("/")
def read_root():
    return {"Hello": "World"}

@app.post("/")
def post_root():
    with open("some_data", 'w') as f:
        f.write("superimportant_data")

Description

Now we have plugin fastapi_csrf_protect, but it looks like strange. Just see code here:

https://www.stackhawk.com/blog/csrf-protection-in-fastapi/

Wanted Solution

Feature request for built-in csrf settings, which will looks like cors - as middleware.

Just something like https://github.com/frankie567/starlette-csrf, but built-in fastapi

Wanted Code

from fastapi import FastAPI
from fastapi.middlewares import CSRFMiddleware

from app.core import app_config

app = FastAPI()
app.add_middleware(CSRFMiddleware, secret="__CHANGE_ME__")

@app.get("/")
def read_root():
    return {"Hello": "World"}

@app.post("/", csrf_token=True) # by default
def post_root():
    with open("secure_file", 'w') as f:
        f.write("superimportant_data")

@app.post("/access_post_without_csrf/", csrf_token=False) 
    with open("unsecure_file", 'w') as f:
        f.write("some_data")

Alternatives

https://github.com/frankie567/starlette-csrf

Operating System

Linux, Windows, macOS

Operating System Details

No response

FastAPI Version

latest

Python Version

3.10.1

Additional Context

No response