29 lines
628 B
Go
29 lines
628 B
Go
package csrf
|
|
|
|
import (
|
|
"net/http"
|
|
"strings"
|
|
)
|
|
|
|
func (m *Middleware) getTokenFromCookies(r *http.Request) string {
|
|
tokenCookie, err := r.Cookie(m.CookieName)
|
|
if err != nil {
|
|
return ""
|
|
}
|
|
|
|
tokenValue := strings.TrimSpace(tokenCookie.Value)
|
|
return tokenValue
|
|
}
|
|
|
|
// Set a cookie with CSRF token that will expire when the browser shuts down.
|
|
func (m *Middleware) setTokenCookie(w http.ResponseWriter, token string) {
|
|
http.SetCookie(w, &http.Cookie{
|
|
Name: m.CookieName,
|
|
Value: token,
|
|
Path: "/",
|
|
// JavaScript should have access to this cookie.
|
|
HttpOnly: false,
|
|
SameSite: m.SameSite,
|
|
Secure: m.Secure,
|
|
})
|
|
}
|