From f8e3dea19012ccf05965d10255789eec33c2ebcf Mon Sep 17 00:00:00 2001
From: Niall Sheridan
Date: Thu, 23 Aug 2018 22:51:21 +0100
Subject: Update deps
---
 vendor/github.com/gorilla/csrf/doc.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
(limited to 'vendor/github.com/gorilla/csrf/doc.go')
diff --git a/vendor/github.com/gorilla/csrf/doc.go b/vendor/github.com/gorilla/csrf/doc.go
index 3046cdc..503c948 100644
--- a/vendor/github.com/gorilla/csrf/doc.go
+++ b/vendor/github.com/gorilla/csrf/doc.go
@@ -71,7 +71,10 @@ in order to protect malicious POST requests being made:
 r := mux.NewRouter()
 r.HandleFunc("/signup", ShowSignupForm)
 // All POST requests without a valid token will return HTTP 403 Forbidden.
- r.HandleFunc("/signup/post", SubmitSignupForm)
+ // We should also ensure that our mutating (non-idempotent) handler only
+ // matches on POST requests. We can check that here, at the router level, or
+ // within the handler itself via r.Method.
+ r.HandleFunc("/signup/post", SubmitSignupForm).Methods("POST")
 // Add the middleware to your router by wrapping it.
 http.ListenAndServe(":8000",
--
cgit v1.2.3