update: [csrf] Allow setting the domain of XSRF-TOKEN
kainonly committed Sep 19, 2023
1 parent c26ebd9 commit 6602036
Showing 1 changed file with 10 additions and 2 deletions.
12 changes: 10 additions & 2 deletions csrf/csrf.go
Expand Up @@ -18,6 +18,7 @@ type Csrf struct {
CookieName string
SaltName string
HeaderName string
Domain string
IgnoreMethods map[string]bool
}

Expand All @@ -31,6 +32,7 @@ func New(options ...Option) *Csrf {
CookieName: "XSRF-TOKEN",
SaltName: "XSRF-SALT",
HeaderName: "X-XSRF-TOKEN",
Domain: "",
IgnoreMethods: map[string]bool{
"GET": true,
"HEAD": true,
Expand Down Expand Up @@ -79,10 +81,16 @@ func SetIgnoreMethods(methods []string) Option {
}
}

func SetDomain(v string) Option {
return func(x *Csrf) {
x.Domain = v
}
}

func (x *Csrf) SetToken(c *app.RequestContext) {
salt := strutil.RandomCharsV3(16)
salt := strutil.MicroTimeHexID()
c.SetCookie(x.SaltName, salt, 86400, "/", "", protocol.CookieSameSiteStrictMode, true, true)
c.SetCookie(x.CookieName, x.Tokenize(salt), 86400, "/", "", protocol.CookieSameSiteStrictMode, true, false)
c.SetCookie(x.CookieName, x.Tokenize(salt), 86400, "/", x.Domain, protocol.CookieSameSiteStrictMode, true, false)
}

func (x *Csrf) Tokenize(salt string) string {
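Review bot: In SetToken only the XSRF-TOKEN cookie receives `x.Domain`, while the salt cookie on the line before it still passes `""`; because the token cookie is also the one written with httpOnly `false`, a non-empty Domain makes the script-readable token available to every host under that domain while the salt it is derived from stays host-only. SetDomain is exported without a doc comment and stores any string unchecked, so I would add `// SetDomain sets the Domain attribute of the XSRF-TOKEN cookie. A non-empty value exposes the token to all hosts under that domain; the salt cookie remains host-only.` The same function also shows two `salt :=` lines, and if `strutil.MicroTimeHexID()` is the new side, the salt appears (judging by the name alone) to move from random characters to a time-derived value, which the commit title does not mention. That change deserves its own justification, since Tokenize's body lies outside the hunk and it is not visible here whether the token is keyed with a secret.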
