Silgi
Plugins

Strict GET

Enforce GET-only access on query procedures — prevents CSRF and accidental POST calls.

The strict GET guard rejects non-GET requests with 405 Method Not Allowed. Apply it to query procedures to enforce RESTful method semantics and prevent CSRF.

Usage

import {  } from 'silgi/plugins'

const  = k
  .$route({ : 'GET' })
  .$use()
  .$resolve(({  }) => .db.users.findMany())

A POST request to this procedure returns:

{
  "code": "METHOD_NOT_ALLOWED",
  "status": 405,
  "message": "Expected GET, received POST"
}

strictGetGuard is a singleton — no factory call needed. Add it directly to the use array.

This guard only works when the request method is available in the context. With serve() and handler(), the method is part of the Request object. If you're using a custom transport that doesn't set ctx.method, the guard passes through without blocking.

What's next?

  • CORS — cross-origin request handling
  • Plugins — other available plugins

Body Limit

Reject oversized request bodies with a guard — returns 413 Payload Too Large.

Cookies

Read, set, and delete cookies inside procedures — typed helpers with secure defaults.

On this page

UsageWhat's next?