Diffstat (limited to 'vendor/github.com/gorilla/csrf/doc.go')
-rw-r--r--vendor/github.com/gorilla/csrf/doc.go5
1 files changed, 4 insertions, 1 deletions
diff --git a/vendor/github.com/gorilla/csrf/doc.go b/vendor/github.com/gorilla/csrf/doc.go
index 3046cdc..503c948 100644
--- a/vendor/github.com/gorilla/csrf/doc.go
+++ b/vendor/github.com/gorilla/csrf/doc.go
@@ -71,7 +71,10 @@ in order to protect malicious POST requests being made:
r := mux.NewRouter()
r.HandleFunc("/signup", ShowSignupForm)
// All POST requests without a valid token will return HTTP 403 Forbidden.
- r.HandleFunc("/signup/post", SubmitSignupForm)
+ // We should also ensure that our mutating (non-idempotent) handler only
+ // matches on POST requests. We can check that here, at the router level, or
+ // within the handler itself via r.Method.
+ r.HandleFunc("/signup/post", SubmitSignupForm).Methods("POST")
// Add the middleware to your router by wrapping it.
http.ListenAndServe(":8000",