From 30802e07b2d84fbc213b490d3402707dffe60096 Mon Sep 17 00:00:00 2001 From: Niall Sheridan Date: Mon, 10 Apr 2017 21:18:42 +0100 Subject: update dependencies --- vendor/github.com/gorilla/csrf/README.md | 2 +- vendor/github.com/gorilla/csrf/doc.go | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) (limited to 'vendor/github.com/gorilla/csrf') diff --git a/vendor/github.com/gorilla/csrf/README.md b/vendor/github.com/gorilla/csrf/README.md index 8cad716..75e8525 100644 --- a/vendor/github.com/gorilla/csrf/README.md +++ b/vendor/github.com/gorilla/csrf/README.md @@ -1,5 +1,5 @@ # gorilla/csrf -[![GoDoc](https://godoc.org/github.com/gorilla/csrf?status.svg)](https://godoc.org/github.com/gorilla/csrf) [![Build Status](https://travis-ci.org/gorilla/csrf.svg?branch=master)](https://travis-ci.org/gorilla/csrf) +[![GoDoc](https://godoc.org/github.com/gorilla/csrf?status.svg)](https://godoc.org/github.com/gorilla/csrf) [![Build Status](https://travis-ci.org/gorilla/csrf.svg?branch=master)](https://travis-ci.org/gorilla/csrf) [![Sourcegraph](https://sourcegraph.com/github.com/gorilla/csrf/-/badge.svg)](https://sourcegraph.com/github.com/gorilla/csrf?badge) gorilla/csrf is a HTTP middleware library that provides [cross-site request forgery](http://blog.codinghorror.com/preventing-csrf-and-xsrf-attacks/) (CSRF) diff --git a/vendor/github.com/gorilla/csrf/doc.go b/vendor/github.com/gorilla/csrf/doc.go index e0bf408..301abe0 100644 --- a/vendor/github.com/gorilla/csrf/doc.go +++ b/vendor/github.com/gorilla/csrf/doc.go @@ -135,6 +135,10 @@ providing a JSON API: w.Write(b) } +If you're writing a client that's supposed to mimic browser behavior, make sure to +send back the CSRF cookie (the default name is _gorilla_csrf, but this can be changed +with the CookieName Option) along with either the X-CSRF-Token header or the gorilla.csrf.Token form field. + In addition: getting CSRF protection right is important, so here's some background: * This library generates unique-per-request (masked) tokens as a mitigation -- cgit v1.2.3