Example #1
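// main serves a web.Server on port 8000 with nosurf wrapped around the whole
// server, so both routes registered below sit behind the CSRF check.
func main() {
	server := web.NewServer()
	server.Get("/", myHandler)
	server.Post("/", myHandler)

	// NOTE(review): ":8000" is a plain-HTTP listener on every interface, and no
	// base cookie is configured here, so the CSRF cookie is not marked Secure.
	// A real deployment would normally terminate TLS in front of this and set
	// the cookie attributes explicitly; confirm for your setup.
	//
	// ListenAndServe only returns when it fails (for example, the port is
	// already in use). Surface that error instead of letting main exit
	// silently with status 0.
	if err := http.ListenAndServe(":8000", nosurf.New(server)); err != nil {
		panic(err)
	}
}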
Example #2
// main builds a Goji application in which CSRF protection is applied per
// sub-mux: none on the index route, nosurf.NewPure as middleware on the signup
// mux, and a nosurf handler with a customised base cookie in front of the
// admin mux.
func main() {
	// The index route only answers GET, so it is left outside the CSRF check.
	// NOTE(review): that holds only while IndexHandler makes no state changes.
	goji.Get("/", IndexHandler)

	// Signup submits a form, so nosurf goes onto this mux's middleware stack
	// (and only this one).
	signupMux := web.New()
	goji.Handle("/signup/*", signupMux)
	signupMux.Use(nosurf.NewPure)
	signupMux.Get("/signup/new", ShowSignupForm)
	signupMux.Post("/signup/submit", SubmitSignupForm)

	// Admin area: wrap the mux explicitly so the token cookie can be tuned.
	adminMux := web.New()
	guardedAdmin := nosurf.New(adminMux)

	// Hardened base cookie: sent over HTTPS only (Secure), hidden from page
	// scripts (HttpOnly), scoped to the /admin path, and valid for four hours.
	adminCookie := http.Cookie{
		Name:     "csrf_token",
		Domain:   "localhost",
		Path:     "/admin",
		MaxAge:   3600 * 4,
		HttpOnly: true,
		Secure:   true,
	}
	guardedAdmin.SetBaseCookie(adminCookie)

	// Register the wrapped handler, not the bare mux: mounting adminMux here
	// instead would leave the /admin/* routes without the CSRF check.
	goji.Handle("/admin/*", guardedAdmin)

	goji.Serve()
}
Example #3
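// main puts nosurf in front of http.DefaultServeMux and shows the three ways
// of exempting paths from the CSRF check, plus a custom failure handler.
func main() {
	http.HandleFunc("/", Index)

	// Routes registered with http.Handle[Func]() end up on DefaultServeMux, so
	// wrapping that mux covers all of them.
	csrfHandler := nosurf.New(http.DefaultServeMux)

	// Every exemption below switches the CSRF check off for the paths it
	// matches. Keep each one as narrow as possible, and exempt only routes
	// that perform no state-changing action.

	// Exempting by an exact path:
	// won't exempt /faq/question-1.
	csrfHandler.ExemptPath("/faq")

	// Exempting by a glob:
	// will exempt /post, /post1, /post2, etc.
	// won't exempt /post1/comments, as * stops at a /.
	csrfHandler.ExemptGlob("/post*")

	// Exempting by a regexp:
	// will exempt /static, /static/, /static/favicon.ico,
	// /static/css/style.css, etc.
	// The pattern is anchored at both ends. The earlier form "/static(.*)" had
	// no anchors; if nosurf applies the regexp as an unanchored search (confirm
	// against the nosurf version in use), it would also exempt any path that
	// merely contains "/static", which is wider than the list above.
	csrfHandler.ExemptRegexp(`^/static(/.*)?$`)

	// failHand is called whenever the CSRF check fails.
	csrfHandler.SetFailureHandler(http.HandlerFunc(failHand))

	// ListenAndServe only returns when it fails (for example, the port is
	// already in use). Surface that error instead of letting main exit
	// silently with status 0.
	if err := http.ListenAndServe(":8000", csrfHandler); err != nil {
		panic(err)
	}
}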
Example #4
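// main serves a single handler function on port 8000 behind nosurf's CSRF
// check.
func main() {
	myHandler := http.HandlerFunc(myFunc)

	// NOTE(review): the message advertises the loopback address, but ":8000"
	// listens on every interface, so the server is reachable from other hosts
	// as well. Bind "127.0.0.1:8000" if loopback-only access is intended.
	fmt.Println("Listening on http://127.0.0.1:8000/")

	// ListenAndServe only returns when it fails (for example, the port is
	// already in use). Surface that error instead of letting main exit
	// silently with status 0.
	if err := http.ListenAndServe(":8000", nosurf.New(myHandler)); err != nil {
		panic(err)
	}
}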