diff options
Diffstat (limited to 'vendor/github.com/gorilla/csrf/doc.go')
| -rw-r--r-- | vendor/github.com/gorilla/csrf/doc.go | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/vendor/github.com/gorilla/csrf/doc.go b/vendor/github.com/gorilla/csrf/doc.go index e0bf408..301abe0 100644 --- a/vendor/github.com/gorilla/csrf/doc.go +++ b/vendor/github.com/gorilla/csrf/doc.go @@ -135,6 +135,10 @@ providing a JSON API: w.Write(b) } +If you're writing a client that's supposed to mimic browser behavior, make sure to +send back the CSRF cookie (the default name is _gorilla_csrf, but this can be changed +with the CookieName Option) along with either the X-CSRF-Token header or the gorilla.csrf.Token form field. + In addition: getting CSRF protection right is important, so here's some background: * This library generates unique-per-request (masked) tokens as a mitigation |