diff options
author | Niall Sheridan <nsheridan@gmail.com> | 2018-08-23 22:51:21 +0100 |
---|---|---|
committer | Niall Sheridan <nsheridan@gmail.com> | 2018-08-24 13:45:03 +0100 |
commit | f8e3dea19012ccf05965d10255789eec33c2ebcf (patch) | |
tree | 8522ceada8bc7270648f29615b89550db910cb6c /vendor/github.com/gorilla/csrf/doc.go | |
parent | 91f9bc722152146466523861162b85195f99875b (diff) |
Update deps
Diffstat (limited to 'vendor/github.com/gorilla/csrf/doc.go')
-rw-r--r-- | vendor/github.com/gorilla/csrf/doc.go | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/vendor/github.com/gorilla/csrf/doc.go b/vendor/github.com/gorilla/csrf/doc.go index 3046cdc..503c948 100644 --- a/vendor/github.com/gorilla/csrf/doc.go +++ b/vendor/github.com/gorilla/csrf/doc.go @@ -71,7 +71,10 @@ in order to protect malicious POST requests being made: r := mux.NewRouter() r.HandleFunc("/signup", ShowSignupForm) // All POST requests without a valid token will return HTTP 403 Forbidden. - r.HandleFunc("/signup/post", SubmitSignupForm) + // We should also ensure that our mutating (non-idempotent) handler only + // matches on POST requests. We can check that here, at the router level, or + // within the handler itself via r.Method. + r.HandleFunc("/signup/post", SubmitSignupForm).Methods("POST") // Add the middleware to your router by wrapping it. http.ListenAndServe(":8000", |