justinas/nosurf

Issues

• How to use with gin?

  #30 opened 8 years ago by dre1080
  7

• CSRF failed with bad request

  #69 opened 2 years ago by hoang408
  1

• Ability to handle multiple cookies in context

  #66 opened 2 years ago by stefanoschrs
  5

• Installing command of `nosurf` is missing in README.md

  #67 opened 2 years ago by bishal7679
  0

• Inappropriate key in call to `context.WithValue`

  #65 opened 2 years ago by r0xdeadbeef
  0

• Combining Session and CSRF cookie

  #57 opened 4 years ago by xeoncross
  3

• How does nosurf OTP protect against BREACH?

  #64 opened 4 years ago by xeoncross
  5

• RegenerateToken generates two CSRF cookies when no previous CSRF cookie was set

  #61 opened 4 years ago by aeneasr
  0

• Validation fails with X-CSRF-Token

  #7 opened 11 years ago by danjac
  8

• Token value error

  #39 opened 6 years ago by hellower
  6

• Prevent form resubmit

  #55 opened 5 years ago by hazcod
  1

• Logging

  #56 opened 5 years ago by tegk
  1

• Is this normal behavior?

  #59 opened 5 years ago by NCSantos
  5

• Cookie tokens not masked?

  #16 opened 10 years ago by paulbellamy
  5

• Remove Referer check

  #46 opened 7 years ago by Lekensteyn
  1

• SetBaseCookie not having effect

  #51 opened 6 years ago by hazcod
  8

• Doubts about many cookies and many Path for a single domain.

  #53 opened 6 years ago by frederikhors
  13

• Wiki page for newbies doubts and problems

  #52 opened 6 years ago by frederikhors
  0

• Possible flaw

  #48 opened 6 years ago by arjndr
  2

• nosurf breaks MultipartReader()

  #27 opened 7 years ago by bryanjeal
  12

• Signing Cookies

  #11 opened 7 years ago by elithrar
  8

• Filtering out safe methods and excluded paths

  #37 opened 7 years ago by inmylo
  2

• please consider updating tags or deleting the current tag

  #43 opened 7 years ago by jolan
  3

• example is insecure

  #44 opened 7 years ago by jolan
  4

• Send a response body in defaultFailureHandler

  #41 opened 7 years ago by alexedwards
  2

• Seems to be broken with Go 1.7

  #35 opened 8 years ago by jack-chung
  13

• Remove examples folder

  #34 opened 9 years ago by alexedwards
  2

• Why is the token base64 encoded?

  #33 opened 9 years ago
  3

• Broken response with nosurf and gzip middleware

  #31 opened 9 years ago by wader
  2

• Use golang.org/x/net/context instead of gorilla based context

  #28 opened 9 years ago by alitn
  3

• Failure with enctype="multipart/form-data"

  #26 opened 10 years ago by bryanjeal
  2

• Blacklist handlers rather than wrapping all and whitelist some

  #24 opened 10 years ago by peterbe
  3

• ExemptRegexps doesn't work

  #23 opened 10 years ago by chespinoza
  3

• "csrf_token" cookie being generated on exempted routes

  #22 opened 10 years ago
  3

• OTP not implemented correctly.

  #21 opened 10 years ago by james-lawrence
  3

• Best approach if is required use multiple html forms in a template

  #19 opened 10 years ago by chespinoza
  3

• Httprouter compatibility?

  #17 opened 10 years ago by chespinoza
  2

• Allow context to use something other than an in-memory map

  #18 opened 10 years ago by jkodumal
  1

• Ineffective encryption

  #5 opened 11 years ago by lukecyca
  2

• Token Length

  #4 opened 11 years ago by elithrar
  1

• handler.go: Token appears to be generated twice if not found in cookie

  #6 opened 11 years ago by taruti
  1

• Employ techniques to mitigate BREACH.

  #2 opened 11 years ago by justinas
  7

• Vary: Cookie Header

  #3 opened 11 years ago by elithrar
  2

• Use only crypto/rand for token generation.

  #1 opened 11 years ago by justinas
  1