From 30802e07b2d84fbc213b490d3402707dffe60096 Mon Sep 17 00:00:00 2001
From: Niall Sheridan <nsheridan@gmail.com>
Date: Mon, 10 Apr 2017 21:18:42 +0100
Subject: update dependencies

---
 vendor/github.com/gorilla/csrf/doc.go | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'vendor/github.com/gorilla/csrf/doc.go')

diff --git a/vendor/github.com/gorilla/csrf/doc.go b/vendor/github.com/gorilla/csrf/doc.go
index e0bf408..301abe0 100644
--- a/vendor/github.com/gorilla/csrf/doc.go
+++ b/vendor/github.com/gorilla/csrf/doc.go
@@ -135,6 +135,10 @@ providing a JSON API:
         w.Write(b)
     }
 
+If you're writing a client that's supposed to mimic browser behavior, make sure to
+send back the CSRF cookie (the default name is _gorilla_csrf, but this can be changed
+with the CookieName Option) along with either the X-CSRF-Token header or the gorilla.csrf.Token form field.
+
 In addition: getting CSRF protection right is important, so here's some background:
 
     * This library generates unique-per-request (masked) tokens as a mitigation
-- 
cgit v1.2.3