Add note about csrf.Path option (#147)

gorilla · Apr 11, 2021 · 46c0190 · 46c0190
1 parent 9565ae2
commit 46c0190
Showing 1 changed file with 15 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -304,6 +304,21 @@ func main() {
 }
 ```
 
+### Cookie path
+
+By default, CSRF cookies are set on the path of the request.
+
+This can create issues, if the request is done from one path to a different path.
+
+You might want to set up a root path for all the cookies; that way, the CSRF will always work across all your paths.
+
+```
+    CSRF := csrf.Protect(
+      []byte("a-32-byte-long-key-goes-here"),
+      csrf.Path("/"),
+    )
+```
+
 ### Setting Options
 
 What about providing your own error handler and changing the HTTP header the