Skip to content

Commit

Permalink
Add note about csrf.Path option
Browse files Browse the repository at this point in the history
Our app started showing CSRF error for some users, and it took me a day to debug why.

I am adding this to readme so other people know where to look.
  • Loading branch information
Karel Bilek committed Jan 5, 2021
1 parent 9565ae2 commit 3ce301a
Showing 1 changed file with 15 additions and 0 deletions.
15 changes: 15 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -304,6 +304,21 @@ func main() {
}
```

### Cookie path

By default, CSRF cookies are set on the path of the request.

This can create issues, if the request is done from one path to a different path.

You might want to set up a root path for all the cookies; that way, the CSRF will always work across all your paths.

```
CSRF := csrf.Protect(
[]byte("a-32-byte-long-key-goes-here"),
csrf.Path("/"),
)
```

### Setting Options

What about providing your own error handler and changing the HTTP header the
Expand Down

0 comments on commit 3ce301a

Please sign in to comment.