author: Niall Sheridan <nsheridan@gmail.com> 2017-04-10 21:18:42 +0100
committer: Niall Sheridan <nsheridan@gmail.com> 2017-04-10 21:38:33 +0100
commit: 30802e07b2d84fbc213b490d3402707dffe60096 (patch)
tree: 934aecb8f3582325dfd1aa6652193adac87d00db /vendor/github.com/gorilla/csrf/doc.go
parent: da7638dc112c4c106e8929601b642d2ca4596cba (diff)
update dependencies
Diffstat (limited to 'vendor/github.com/gorilla/csrf/doc.go')
-rw-r--r-- vendor/github.com/gorilla/csrf/doc.go | 4
1 files changed, 4 insertions, 0 deletions
diff --git a/vendor/github.com/gorilla/csrf/doc.go b/vendor/github.com/gorilla/csrf/doc.go
index e0bf408..301abe0 100644
--- a/vendor/github.com/gorilla/csrf/doc.go
+++ b/vendor/github.com/gorilla/csrf/doc.go
@@ -135,6 +135,10 @@ providing a JSON API:
w.Write(b)
}
+If you're writing a client that's supposed to mimic browser behavior, make sure to
+send back the CSRF cookie (the default name is _gorilla_csrf, but this can be changed
+with the CookieName Option) along with either the X-CSRF-Token header or the gorilla.csrf.Token form field.
+
In addition: getting CSRF protection right is important, so here's some background:
* This library generates unique-per-request (masked) tokens as a mitigation
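Review bot: the new paragraph tells a browser-mimicking client to send the cookie together with a header or form-field token, but it does not say where that token has to come from; since the next bullet states tokens are unique-per-request and masked, spell out that the client must take the token from the server response it received alongside that cookie (the rendered form field or header) rather than caching one, e.g. "along with the X-CSRF-Token header or gorilla.csrf.Token form field carrying the token issued with that cookie". Two smaller points: the sentence names CookieName as the option for overriding the cookie name but presents the header and form-field names as fixed, so either note whether those are configurable too or say they are not, for parity; and the third added line runs well past the wrap width used by the surrounding doc comment, so rewrap it to match.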