CSRF protection middleware for Gin.
.gitignore First commit Sep 8, 2014
.travis.yml travis: fixed 1.10 parsing as 1.1 Feb 8, 2019
LICENSE Added a license Apr 9, 2017
README.md revise the cookie store and gin implementation Apr 20, 2019
csrf.go Removed debug output Apr 9, 2017
csrf_test.go fix test Feb 5, 2019
go.mod Update go.mod Feb 13, 2019
go.sum add mod files Feb 5, 2019

README.md

gin-csrf Build Status

CSRF protection middleware for Gin. This middleware has to be used with gin-contrib/sessions.

Original credit goes to tommy351; this fork makes it work with gin-gonic contrib sessions.

Installation

$ go get github.com/utrack/gin-csrf

Usage

package main

import (
	"log"
	"os"

	"github.com/gin-contrib/sessions"
	"github.com/gin-contrib/sessions/cookie"
	"github.com/gin-gonic/gin"
	"github.com/utrack/gin-csrf"
)

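// main wires the session and CSRF middleware into a Gin router and serves
// two demo routes on :8080.
//
// The session key and the CSRF secret are read from the environment rather
// than compiled into the binary. A literal such as "secret" copied from an
// example ends up in version control and is identical on every deployment,
// so anyone who has read the source could produce session cookies or CSRF
// tokens that the server accepts.
func main() {
	// SESSION_KEY and CSRF_SECRET are example variable names chosen for this
	// snippet; use whatever your deployment's secret management provides.
	// Both should be long, random, and different from each other.
	sessionKey := os.Getenv("SESSION_KEY")
	csrfSecret := os.Getenv("CSRF_SECRET")
	if sessionKey == "" || csrfSecret == "" {
		// Fail closed: starting with an empty key would leave the session
		// cookie and the CSRF token effectively unprotected.
		log.Fatal("SESSION_KEY and CSRF_SECRET must be set")
	}

	r := gin.Default()

	// The key passed to the cookie store authenticates the session cookie.
	store := cookie.NewStore([]byte(sessionKey))

	// The sessions middleware is registered before the CSRF middleware,
	// because the CSRF middleware has to be used with gin-contrib/sessions.
	r.Use(sessions.Sessions("mysession", store))
	r.Use(csrf.Middleware(csrf.Options{
		Secret: csrfSecret,
		ErrorFunc: func(c *gin.Context) {
			// Reject the request and stop the handler chain so the
			// protected handler never runs on a token mismatch.
			c.String(400, "CSRF token mismatch")
			c.Abort()
		},
	}))

	// GET hands the token for the current session to the client.
	r.GET("/protected", func(c *gin.Context) {
		c.String(200, csrf.GetToken(c))
	})

	// POST is only reached when the middleware accepted the token.
	r.POST("/protected", func(c *gin.Context) {
		c.String(200, "CSRF token is valid")
	})

	// Run blocks until the server stops; surface a bind or listen failure
	// instead of exiting silently.
	if err := r.Run(":8080"); err != nil {
		log.Fatal(err)
	}
}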