Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

issues/158/examples for working api with javascript frontend #162

Merged
merged 10 commits into from
Aug 17, 2023
Merged

issues/158/examples for working api with javascript frontend #162

merged 10 commits into from
Aug 17, 2023

Conversation

francoposa
Copy link
Contributor

Fixes #158, which is essentially that

  1. none of the examples in the README for working with a JavaScript frontend will work without proper CORS config on the backend
  2. there is no example at all for using the HTTP header instead of getting the CSRF token from the hidden form field

Summary of Changes

I have merged/copied over these simplified examples from my own repository of working examples.

I was not sure how the maintainers may want to reference these examples in the main README. Copying them over to the README verbatim would be putting a lot of code into the README, but without changing the current README, the content there differs significantly from the examples.

@francoposa
Copy link
Contributor Author

@DavidLarsKetch do you have any input on how to approach the README?

@francoposa francoposa mentioned this pull request Apr 28, 2022
Closed
@coreydaley
Copy link
Contributor

Would you mind updating your example to use go1.20 and update the dependencies in your go.mod? Then I think we can get this merged.

coreydaley
coreydaley previously approved these changes Aug 17, 2023
View reviewed changes
@coreydaley coreydaley enabled auto-merge (squash) August 17, 2023 18:54
@codecov
Copy link

codecov bot commented Aug 17, 2023

Codecov Report

Merging #162 (226480b) into main (a71a12f) will not change coverage.
Report is 1 commits behind head on main.
The diff coverage is n/a.

@@           Coverage Diff           @@
##             main     #162   +/-   ##
=======================================
  Coverage   90.93%   90.93%           
=======================================
  Files           5        5           
  Lines         353      353           
=======================================
  Hits          321      321           
  Misses         25       25           
  Partials        7        7

@coreydaley coreydaley disabled auto-merge August 17, 2023 18:58
@coreydaley coreydaley merged commit c1f4eb3 into gorilla:main Aug 17, 2023
@francoposa francoposa deleted the issues/158/examples-for-working-api-with-javascript-frontend branch August 17, 2023 19:02
@canrozanes
Copy link

Hi @francoposa

none of the examples in the README for working with a JavaScript frontend will work without proper CORS config on the backend

Could you point me to a resource about this? Is CORS a pre-requisite for CSRF protection? If I setup gorilla/csrf on my SPA without CORS, will my site still be vulnerable to CSRF?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@robbat2 robbat2 robbat2 left review comments

@coreydaley coreydaley coreydaley left review comments

Assignees
No one assigned
Labels
size/L
Projects
Gorilla Web Toolkit
Status: ✅ Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Cannot get basic version of in-browser Javascript application documentation working
4 participants
@francoposa @coreydaley @canrozanes @robbat2