aboutsummaryrefslogtreecommitdiff
path: root/vendor/github.com/gorilla/csrf/csrf.go
diff options
context:
space:
mode:
Diffstat (limited to 'vendor/github.com/gorilla/csrf/csrf.go')
-rw-r--r--vendor/github.com/gorilla/csrf/csrf.go15
1 files changed, 7 insertions, 8 deletions
diff --git a/vendor/github.com/gorilla/csrf/csrf.go b/vendor/github.com/gorilla/csrf/csrf.go
index dc4755e..b4b0439 100644
--- a/vendor/github.com/gorilla/csrf/csrf.go
+++ b/vendor/github.com/gorilla/csrf/csrf.go
@@ -7,7 +7,6 @@ import (
"github.com/pkg/errors"
- "github.com/gorilla/context"
"github.com/gorilla/securecookie"
)
@@ -195,7 +194,7 @@ func (cs *csrf) ServeHTTP(w http.ResponseWriter, r *http.Request) {
// as it will no longer match the request token.
realToken, err = generateRandomBytes(tokenLength)
if err != nil {
- envError(r, err)
+ r = envError(r, err)
cs.opts.ErrorHandler.ServeHTTP(w, r)
return
}
@@ -203,7 +202,7 @@ func (cs *csrf) ServeHTTP(w http.ResponseWriter, r *http.Request) {
// Save the new (real) token in the session store.
err = cs.st.Save(realToken, w)
if err != nil {
- envError(r, err)
+ r = envError(r, err)
cs.opts.ErrorHandler.ServeHTTP(w, r)
return
}
@@ -225,13 +224,13 @@ func (cs *csrf) ServeHTTP(w http.ResponseWriter, r *http.Request) {
// otherwise fails to parse.
referer, err := url.Parse(r.Referer())
if err != nil || referer.String() == "" {
- envError(r, ErrNoReferer)
+ r = envError(r, ErrNoReferer)
cs.opts.ErrorHandler.ServeHTTP(w, r)
return
}
if sameOrigin(r.URL, referer) == false {
- envError(r, ErrBadReferer)
+ r = envError(r, ErrBadReferer)
cs.opts.ErrorHandler.ServeHTTP(w, r)
return
}
@@ -240,7 +239,7 @@ func (cs *csrf) ServeHTTP(w http.ResponseWriter, r *http.Request) {
// If the token returned from the session store is nil for non-idempotent
// ("unsafe") methods, call the error handler.
if realToken == nil {
- envError(r, ErrNoToken)
+ r = envError(r, ErrNoToken)
cs.opts.ErrorHandler.ServeHTTP(w, r)
return
}
@@ -250,7 +249,7 @@ func (cs *csrf) ServeHTTP(w http.ResponseWriter, r *http.Request) {
// Compare the request token against the real token
if !compareTokens(requestToken, realToken) {
- envError(r, ErrBadToken)
+ r = envError(r, ErrBadToken)
cs.opts.ErrorHandler.ServeHTTP(w, r)
return
}
@@ -263,7 +262,7 @@ func (cs *csrf) ServeHTTP(w http.ResponseWriter, r *http.Request) {
// Call the wrapped handler/router on success.
cs.h.ServeHTTP(w, r)
// Clear the request context after the handler has completed.
- context.Clear(r)
+ contextClear(r)
}
// unauthorizedhandler sets a HTTP 403 Forbidden status and writes the
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-29 15:32:20 +0000