csrf
issues/158/examples for working api with javascript frontend
Fixes #158, which is essentially that
- none of the examples in the README for working with a JavaScript frontend will work without proper CORS config on the backend
- there is no example at all for using the HTTP header instead of getting the CSRF token from the hidden form field
Summary of Changes
I have merged/copied over these simplified examples from my own repository of working examples.
I was not sure how the maintainers may want to reference these examples in the main README. Copying them over to the README verbatim would be putting a lot of code into the README, but without changing the current README, the content there differs significantly from the examples.
@DavidLarsKetch do you have any input on how to approach the README?
Would you mind updating your example to use go1.20 and updating the dependencies in your go.mod? Then I think we can get this merged.
Codecov Report
Merging #162 (226480b) into main (a71a12f) will not change coverage. Report is 1 commits behind head on main. The diff coverage is n/a.
@@ Coverage Diff @@
## main #162 +/- ##
=======================================
Coverage 90.93% 90.93%
=======================================
Files 5 5
Lines 353 353
=======================================
Hits 321 321
Misses 25 25
Partials 7 7
Hi @francoposa
none of the examples in the README for working with a JavaScript frontend will work without proper CORS config on the backend
Could you point me to a resource about this? Is CORS a prerequisite for CSRF protection? If I set up gorilla/csrf on my SPA without CORS, will my site still be vulnerable to CSRF?
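The backend CORS configuration that the pull request description refers to, for a frontend on a different origin that reads the CSRF token from a response header and sends it back, sketched as an added example (not code from this pull request or from gorilla/csrf). It uses only the Go standard library; the origin `http://localhost:3000`, the header name `X-CSRF-Token`, the path `/api/user` and the helpers `withCORS` and `probe` are assumptions for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Assumed values for illustration; neither appears in the pull request.
const frontendOrigin, tokenHeader = "http://localhost:3000", "X-CSRF-Token"

// withCORS lets code served from frontendOrigin read and send tokenHeader with cookies.
func withCORS(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		h := w.Header()
		h.Add("Vary", "Origin")
		if r.Header.Get("Origin") == frontendOrigin {
			h.Set("Access-Control-Allow-Origin", frontendOrigin) // "*" is refused with credentials
			h.Set("Access-Control-Allow-Credentials", "true")
			h.Set("Access-Control-Expose-Headers", tokenHeader) // readable by frontend code
			if r.Method == http.MethodOptions && r.Header.Get("Access-Control-Request-Method") != "" {
				h.Set("Access-Control-Allow-Methods", "GET, POST")
				h.Set("Access-Control-Allow-Headers", tokenHeader+", Content-Type")
				w.WriteHeader(http.StatusNoContent) // preflight is answered here
				return
			}
		}
		next.ServeHTTP(w, r)
	})
}

// probe sends one request through withCORS around a stub handler and returns the response headers.
func probe(method, origin string, preflight bool) http.Header {
	api := withCORS(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set(tokenHeader, "constructed-sample-token") // constructed value
	}))
	req := httptest.NewRequest(method, "/api/user", nil)
	req.Header.Set("Origin", origin)
	if preflight {
		req.Header.Set("Access-Control-Request-Method", "POST")
	}
	rec := httptest.NewRecorder()
	api.ServeHTTP(rec, req)
	return rec.Result().Header
}

func main() {
	fmt.Println(probe("GET", frontendOrigin, false))
	fmt.Println(probe("OPTIONS", frontendOrigin, true))
}
```

A request from any origin other than `frontendOrigin` passes through without `Access-Control-*` headers, so a browser will not hand that origin's scripts the response or the token header.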