author | René 'Necoro' Neumann <necoro@necoro.eu> | 2024-02-14 15:58:16 +0100 |
---|---|---|
committer | René 'Necoro' Neumann <necoro@necoro.eu> | 2024-02-14 15:58:16 +0100 |
commit | 6544171b7a6eb2e0156b66a1ad4c58d3a6cacd86 (patch) | |
tree | c1ce0edd527024e8e03f113b0fb00c05cdfc37bc /csrf | |
parent | 3194896b33500bab959147bac38ab4fb93dd55bb (diff) | |
CSRF handling
Diffstat (limited to '')
-rw-r--r-- | csrf.go | 27 |
1 files changed, 27 insertions, 0 deletions
@@ -0,0 +1,27 @@
+package main
+
+import (
+ "html/template"
+ "net/http"
+
+ "github.com/gorilla/csrf"
+ "github.com/gorilla/securecookie"
+)
+
+func csrfHandler(next http.Handler) http.Handler {
+ return csrf.Protect(
+ securecookie.GenerateRandomKey(32),
+ csrf.SameSite(csrf.SameSiteStrictMode),
+ csrf.FieldName("csrf.csrffield"), // should match the structure in `Csrf`
+ )(next)
+}
+
+// Csrf handles the CSRF data for a form.
+// Include it verbatim and then use `{{.CsrfField}}` in templates.
+type Csrf struct {
+ CsrfField template.HTML `form:"-"`
+}
+
+func CsrfField(r *http.Request) Csrf {
+ return Csrf{CsrfField: csrf.TemplateField(r)}
+}
 |
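Review bot: `securecookie.GenerateRandomKey(32)` in `csrfHandler` is passed straight to `csrf.Protect`, but it returns nil when the system random source fails, so the middleware could be built without a usable authentication key. Check the result before use, e.g. `key := securecookie.GenerateRandomKey(32)` followed by `if key == nil { panic("csrf: cannot generate auth key") }`. The key is also regenerated on every call, so tokens issued before a restart (or by another instance, if there is more than one) will be rejected; if that matters for this deployment, load a persistent 32-byte key from configuration instead. The exported `CsrfField` function has no doc comment; `// CsrfField returns the Csrf form data for request r.` would match the one on the type.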