From 3ce301aa0fb9ac88b813016cf7c5e0073a69e1d0 Mon Sep 17 00:00:00 2001
From: Karel Bilek <karel.bilek@brank.as>
Date: Wed, 9 Dec 2020 09:35:13 +0700
Subject: [PATCH] Add note about csrf.Path option

Our app started showing CSRF error for some users, and it took me a day to debug why.

I am adding this to readme so other people know where to look.
---
 README.md | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/README.md b/README.md
index ae7ab5d..be1558c 100644
--- a/README.md
+++ b/README.md
@@ -304,6 +304,21 @@ func main() {
 }
 ```
 
+### Cookie path
+
+By default, CSRF cookies are set on the path of the request.
+
+This can create issues, if the request is done from one path to a different path.
+
+You might want to set up a root path for all the cookies; that way, the CSRF will always work across all your paths.
+
+```
+    CSRF := csrf.Protect(
+      []byte("a-32-byte-long-key-goes-here"),
+      csrf.Path("/"),
+    )
+```
+
 ### Setting Options
 
 What about providing your own error handler and changing the HTTP header the