aboutsummaryrefslogtreecommitdiff
path: root/vendor/github.com/gorilla/csrf
diff options
context:
space:
mode:
authorNiall Sheridan <nsheridan@gmail.com>2016-08-27 01:32:30 +0100
committerNiall Sheridan <nsheridan@gmail.com>2016-08-27 01:32:30 +0100
commit921818bca208f0c70e85ec670074cb3905cbbc82 (patch)
tree4aa67ad2bb2083bd486db3f99680d6d08a2c36b3 /vendor/github.com/gorilla/csrf
parent7f1c9358805302344a89c1fed4eab1342931b061 (diff)
Update dependencies
Diffstat (limited to 'vendor/github.com/gorilla/csrf')
-rw-r--r--vendor/github.com/gorilla/csrf/context.go4
-rw-r--r--vendor/github.com/gorilla/csrf/context_legacy.go4
-rw-r--r--vendor/github.com/gorilla/csrf/csrf.go15
-rw-r--r--vendor/github.com/gorilla/csrf/helpers.go6
4 files changed, 17 insertions, 12 deletions
diff --git a/vendor/github.com/gorilla/csrf/context.go b/vendor/github.com/gorilla/csrf/context.go
index fe47270..d8bb42f 100644
--- a/vendor/github.com/gorilla/csrf/context.go
+++ b/vendor/github.com/gorilla/csrf/context.go
@@ -23,3 +23,7 @@ func contextSave(r *http.Request, key string, val interface{}) *http.Request {
ctx = context.WithValue(ctx, key, val)
return r.WithContext(ctx)
}
+
+func contextClear(r *http.Request) {
+ // no-op for go1.7+
+}
diff --git a/vendor/github.com/gorilla/csrf/context_legacy.go b/vendor/github.com/gorilla/csrf/context_legacy.go
index dabf0a6..f88c9eb 100644
--- a/vendor/github.com/gorilla/csrf/context_legacy.go
+++ b/vendor/github.com/gorilla/csrf/context_legacy.go
@@ -22,3 +22,7 @@ func contextSave(r *http.Request, key string, val interface{}) *http.Request {
context.Set(r, key, val)
return r
}
+
+func contextClear(r *http.Request) {
+ context.Clear(r)
+}
diff --git a/vendor/github.com/gorilla/csrf/csrf.go b/vendor/github.com/gorilla/csrf/csrf.go
index dc4755e..b4b0439 100644
--- a/vendor/github.com/gorilla/csrf/csrf.go
+++ b/vendor/github.com/gorilla/csrf/csrf.go
@@ -7,7 +7,6 @@ import (
"github.com/pkg/errors"
- "github.com/gorilla/context"
"github.com/gorilla/securecookie"
)
@@ -195,7 +194,7 @@ func (cs *csrf) ServeHTTP(w http.ResponseWriter, r *http.Request) {
// as it will no longer match the request token.
realToken, err = generateRandomBytes(tokenLength)
if err != nil {
- envError(r, err)
+ r = envError(r, err)
cs.opts.ErrorHandler.ServeHTTP(w, r)
return
}
@@ -203,7 +202,7 @@ func (cs *csrf) ServeHTTP(w http.ResponseWriter, r *http.Request) {
// Save the new (real) token in the session store.
err = cs.st.Save(realToken, w)
if err != nil {
- envError(r, err)
+ r = envError(r, err)
cs.opts.ErrorHandler.ServeHTTP(w, r)
return
}
@@ -225,13 +224,13 @@ func (cs *csrf) ServeHTTP(w http.ResponseWriter, r *http.Request) {
// otherwise fails to parse.
referer, err := url.Parse(r.Referer())
if err != nil || referer.String() == "" {
- envError(r, ErrNoReferer)
+ r = envError(r, ErrNoReferer)
cs.opts.ErrorHandler.ServeHTTP(w, r)
return
}
if sameOrigin(r.URL, referer) == false {
- envError(r, ErrBadReferer)
+ r = envError(r, ErrBadReferer)
cs.opts.ErrorHandler.ServeHTTP(w, r)
return
}
@@ -240,7 +239,7 @@ func (cs *csrf) ServeHTTP(w http.ResponseWriter, r *http.Request) {
// If the token returned from the session store is nil for non-idempotent
// ("unsafe") methods, call the error handler.
if realToken == nil {
- envError(r, ErrNoToken)
+ r = envError(r, ErrNoToken)
cs.opts.ErrorHandler.ServeHTTP(w, r)
return
}
@@ -250,7 +249,7 @@ func (cs *csrf) ServeHTTP(w http.ResponseWriter, r *http.Request) {
// Compare the request token against the real token
if !compareTokens(requestToken, realToken) {
- envError(r, ErrBadToken)
+ r = envError(r, ErrBadToken)
cs.opts.ErrorHandler.ServeHTTP(w, r)
return
}
@@ -263,7 +262,7 @@ func (cs *csrf) ServeHTTP(w http.ResponseWriter, r *http.Request) {
// Call the wrapped handler/router on success.
cs.h.ServeHTTP(w, r)
// Clear the request context after the handler has completed.
- context.Clear(r)
+ contextClear(r)
}
// unauthorizedhandler sets a HTTP 403 Forbidden status and writes the
diff --git a/vendor/github.com/gorilla/csrf/helpers.go b/vendor/github.com/gorilla/csrf/helpers.go
index 7adb5ff..3dacfd2 100644
--- a/vendor/github.com/gorilla/csrf/helpers.go
+++ b/vendor/github.com/gorilla/csrf/helpers.go
@@ -8,8 +8,6 @@ import (
"html/template"
"net/http"
"net/url"
-
- "github.com/gorilla/context"
)
// Token returns a masked CSRF token ready for passing into HTML template or
@@ -200,6 +198,6 @@ func contains(vals []string, s string) bool {
}
// envError stores a CSRF error in the request context.
-func envError(r *http.Request, err error) {
- context.Set(r, errorKey, err)
+func envError(r *http.Request, err error) *http.Request {
+ return contextSave(r, errorKey, err)
}