diff options
Diffstat (limited to 'vendor/github.com/gorilla/csrf')
| -rw-r--r-- | vendor/github.com/gorilla/csrf/context.go | 4 | ||||
| -rw-r--r-- | vendor/github.com/gorilla/csrf/context_legacy.go | 4 | ||||
| -rw-r--r-- | vendor/github.com/gorilla/csrf/csrf.go | 15 | ||||
| -rw-r--r-- | vendor/github.com/gorilla/csrf/helpers.go | 6 |
4 files changed, 17 insertions, 12 deletions
diff --git a/vendor/github.com/gorilla/csrf/context.go b/vendor/github.com/gorilla/csrf/context.go index fe47270..d8bb42f 100644 --- a/vendor/github.com/gorilla/csrf/context.go +++ b/vendor/github.com/gorilla/csrf/context.go @@ -23,3 +23,7 @@ func contextSave(r *http.Request, key string, val interface{}) *http.Request { ctx = context.WithValue(ctx, key, val) return r.WithContext(ctx) } + +func contextClear(r *http.Request) { + // no-op for go1.7+ +} diff --git a/vendor/github.com/gorilla/csrf/context_legacy.go b/vendor/github.com/gorilla/csrf/context_legacy.go index dabf0a6..f88c9eb 100644 --- a/vendor/github.com/gorilla/csrf/context_legacy.go +++ b/vendor/github.com/gorilla/csrf/context_legacy.go @@ -22,3 +22,7 @@ func contextSave(r *http.Request, key string, val interface{}) *http.Request { context.Set(r, key, val) return r } + +func contextClear(r *http.Request) { + context.Clear(r) +} diff --git a/vendor/github.com/gorilla/csrf/csrf.go b/vendor/github.com/gorilla/csrf/csrf.go index dc4755e..b4b0439 100644 --- a/vendor/github.com/gorilla/csrf/csrf.go +++ b/vendor/github.com/gorilla/csrf/csrf.go @@ -7,7 +7,6 @@ import ( "github.com/pkg/errors" - "github.com/gorilla/context" "github.com/gorilla/securecookie" ) @@ -195,7 +194,7 @@ func (cs *csrf) ServeHTTP(w http.ResponseWriter, r *http.Request) { // as it will no longer match the request token. realToken, err = generateRandomBytes(tokenLength) if err != nil { - envError(r, err) + r = envError(r, err) cs.opts.ErrorHandler.ServeHTTP(w, r) return } @@ -203,7 +202,7 @@ func (cs *csrf) ServeHTTP(w http.ResponseWriter, r *http.Request) { // Save the new (real) token in the session store. err = cs.st.Save(realToken, w) if err != nil { - envError(r, err) + r = envError(r, err) cs.opts.ErrorHandler.ServeHTTP(w, r) return } @@ -225,13 +224,13 @@ func (cs *csrf) ServeHTTP(w http.ResponseWriter, r *http.Request) { // otherwise fails to parse. referer, err := url.Parse(r.Referer()) if err != nil || referer.String() == "" { - envError(r, ErrNoReferer) + r = envError(r, ErrNoReferer) cs.opts.ErrorHandler.ServeHTTP(w, r) return } if sameOrigin(r.URL, referer) == false { - envError(r, ErrBadReferer) + r = envError(r, ErrBadReferer) cs.opts.ErrorHandler.ServeHTTP(w, r) return } @@ -240,7 +239,7 @@ func (cs *csrf) ServeHTTP(w http.ResponseWriter, r *http.Request) { // If the token returned from the session store is nil for non-idempotent // ("unsafe") methods, call the error handler. if realToken == nil { - envError(r, ErrNoToken) + r = envError(r, ErrNoToken) cs.opts.ErrorHandler.ServeHTTP(w, r) return } @@ -250,7 +249,7 @@ func (cs *csrf) ServeHTTP(w http.ResponseWriter, r *http.Request) { // Compare the request token against the real token if !compareTokens(requestToken, realToken) { - envError(r, ErrBadToken) + r = envError(r, ErrBadToken) cs.opts.ErrorHandler.ServeHTTP(w, r) return } @@ -263,7 +262,7 @@ func (cs *csrf) ServeHTTP(w http.ResponseWriter, r *http.Request) { // Call the wrapped handler/router on success. cs.h.ServeHTTP(w, r) // Clear the request context after the handler has completed. - context.Clear(r) + contextClear(r) } // unauthorizedhandler sets a HTTP 403 Forbidden status and writes the diff --git a/vendor/github.com/gorilla/csrf/helpers.go b/vendor/github.com/gorilla/csrf/helpers.go index 7adb5ff..3dacfd2 100644 --- a/vendor/github.com/gorilla/csrf/helpers.go +++ b/vendor/github.com/gorilla/csrf/helpers.go @@ -8,8 +8,6 @@ import ( "html/template" "net/http" "net/url" - - "github.com/gorilla/context" ) // Token returns a masked CSRF token ready for passing into HTML template or @@ -200,6 +198,6 @@ func contains(vals []string, s string) bool { } // envError stores a CSRF error in the request context. -func envError(r *http.Request, err error) { - context.Set(r, errorKey, err) +func envError(r *http.Request, err error) *http.Request { + return contextSave(r, errorKey, err) } |