gorilla/csrf

Issues

• [FEATURE] Custom TrustedOrigin matcher

  #178 opened 3 months ago by cody-dot-js
  0

• Clarification Needed on TrustedOrigins Variable Usage

  #177 opened 4 months ago by kokoichi206
  1

• [Question] How to log

  #175 opened 9 months ago by arlando
  1

• First request to protected endpoint fails, CSRF header is empty

  #174 opened 10 months ago by nate-anderson
  0

• [BUG] Middleware doesn't work with Chi

  #173 opened a year ago by romanian-bag-void
  1

• Forbidden - CSRF token invalid

  #172 opened a year ago by kek-wait-w
  0

• [bug] Generate CSRF tokens for skipped requests

  #163 opened 2 years ago by Airblader
  0

• Cannot get basic version of in-browser Javascript application documentation working

  #158 opened 3 years ago by francoposa
  8

• Package is not `go get`able [bug]

  #159 opened 3 years ago by rew1nter
  2

• [docs]

  #156 opened 3 years ago by u0nel
  1

• CSRF middlware is not usable with go gin

  #160 opened 3 years ago by rew1nter
  1

• user disabled/blocked cookies on their browser.

  #155 opened 3 years ago by SirMetathyst
  0

• [bug] Change default request header onto custom

  #145 opened 3 years ago by kubitre
  3

• Does gorilla-csrf really provide more security?

  #143 opened 3 years ago by robojones
  7

• [question] How do I set csrf token from React

  #151 opened 3 years ago by daisuke0925m
  1

• [bug] Not providing token results in wrong error

  #150 opened 3 years ago by FlorianLoch
  1

• csrf.go: ErrBadReferer due to empty r.URL.Host

  #146 opened 3 years ago by slysandwich
  1

• [bug] README.md does not mention the need to keep the CSRF key secret

  #153 opened 3 years ago by maxximino
  1

• Default path can cause unexpected CSRF token rejections

  #144 opened 4 years ago by jackc
  4

• Multiple _gorilla_csrf cookies create an issue

  #152 opened 4 years ago by positiveojm
  2

• [question] X-Csrf-Token is empty in Response headers (Secure is off)

  #139 opened 4 years ago by austincollinpena
  10

• [question] How to use gorilla/csrf for CSRF protection when authenticating with OpenID Connect?

  #141 opened 4 years ago by stapelberg
  4

• [question] Why should we pass the CSRF.Token in Header for a web Application and not in Cookie

  #138 opened 4 years ago by Justin2997
  4

• [bug] Forbidden - CSRF token invalid

  #135 opened 4 years ago by xzol
  6

• [bug] SameSiteNoneMode will not work for go versions 1.11 - 1.12

  #131 opened 4 years ago by andwun
  6

• CSRF protection working for one url and not for another

  #134 opened 5 years ago by devasiajoseph
  8

• [bug] CSRF verification fail if requests takes too long

  #133 opened 5 years ago by sunshine69
  9

• [question] csrf.Path("/") doesn't allow any path as expected

  #127 opened 5 years ago by DDynamic
  2

• [question] Get 403 invalid csrf token occasionally

  #129 opened 5 years ago by danqing
  4

• [feature] SameSite flag support

  #130 opened 5 years ago by maldevel
  2

• Using same csrf token for form and api calls from js side

  #128 opened 5 years ago by crawter
  9

• [question] XHR + CSRF questions

  #126 opened 5 years ago by bigradish
  15

• Minor version Bump?

  #125 opened 5 years ago by leononame
  2

• Override _gorilla_csrf cookiename

  #124 opened 5 years ago by proyb6
  0

• [feature] SameSite missing from Options?

  #121 opened 5 years ago by bencanford
  1

• [question] Downsides of `csrf.Path("/")`?

  #122 opened 5 years ago by adiabatic
  2

• Trusted Origins

  #116 opened 5 years ago by fjorgemota
  3

• [bug] Default MaxAge never applies

  #119 opened 5 years ago by betawaffle
  4

• Getting 'Forbidden - CSRF token invalid' on post request using axios from client.

  #109 opened 5 years ago by jljucutan
  8

• Getting 'Forbidden - CSRF token invalid' while sending Ajax POST request using javascript XMLHttpRequest()

  #108 opened 6 years ago by Kenmobility
  19

• CSRF tokens set without using the SameSite flag

  #99 opened 6 years ago by tzafrirben
  2

• Clearing `_gorilla_csrf` cookie not regenerating

  #104 opened 6 years ago by donaldthai
  14

• Enhancement: make safe methods configurable

  #106 opened 6 years ago by fredbi
  3

• [question] General CSRF Protection and Library Questions

  #105 opened 6 years ago by donaldthai
  5

• Background GET before POST request?

  #97 opened 6 years ago by britishben
  4

• Non-cookie session store

  #100 opened 6 years ago by muirdm
  7

• Forbidden - CSRF token invalid

  #93 opened 6 years ago by nanohayder
  6

• Fails when GET and POST not in same path

  #96 opened 6 years ago by sj14
  4

• How to do csrf protection for http.Get requests?

  #95 opened 6 years ago by qibobo
  4

• Interaction with Websockets

  #92 opened 6 years ago by iaburton
  2