Exemple #1
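// Validate should be used as a per-route middleware. It looks for a CSRF token
// first in the request header named by x.GetHeaderName() (documented as
// "X-CSRFToken") and then in the form value named by x.GetFormName()
// (documented as "_csrf"). The first non-empty value found is checked with
// x.ValidToken; the form value is consulted only when the header is empty.
//
// If the token is rejected, the CSRF cookie is expired and x.Error writes the
// reply. If neither a header nor a form value is found, http.StatusBadRequest
// is sent.
//
// NOTE(review): on failure Validate only writes the response and returns. It
// relies on the framework not invoking later handlers once a response has been
// written; confirm this for the routes it protects.
func Validate(ctx *macaron.Context, x CSRF) {
	// The header takes precedence; fall back to the form field only when the
	// header carries nothing.
	token := ctx.Req.Header.Get(x.GetHeaderName())
	if token == "" {
		token = ctx.Req.FormValue(x.GetFormName())
	}

	// A missing token is a malformed request rather than a failed validation,
	// so it gets a plain 400 and the cookie is left alone.
	if token == "" {
		http.Error(ctx.Resp, "Bad Request: no CSRF token present", http.StatusBadRequest)
		return
	}

	if !x.ValidToken(token) {
		// A negative max-age expires the CSRF cookie, so the client does not
		// keep presenting state tied to a rejected token.
		ctx.SetCookie(x.GetCookieName(), "", -1, x.GetCookiePath())
		x.Error(ctx.Resp)
	}
}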
// setCookie writes a fixed "user" cookie onto the response.
//
// Only the name and value are passed, so max-age, path, domain, Secure and
// HttpOnly are whatever SetCookie applies by default.
// NOTE(review): a plain cookie can be edited by the client; do not treat its
// value as an authenticated identity when it is read back.
func setCookie(ctx *macaron.Context) {
	const (
		cookieName  = "user"
		cookieValue = "wuwen"
	)
	ctx.SetCookie(cookieName, cookieValue)
}
Exemple #3
// mySetCookieHandler stores the ":value" route parameter in the "user" cookie
// with a max-age of 300 seconds and returns a confirmation message.
//
// NOTE(review): the cookie value comes straight from the request path, so any
// link to this route decides what the visitor's "user" cookie holds. Code that
// reads the cookie back must treat it as untrusted input, not as proof of
// identity; a signed cookie helper (e.g. SetSecureCookie) is the usual choice
// when integrity matters.
// NOTE(review): no path, domain, Secure or HttpOnly arguments are passed, so
// the SetCookie defaults apply. Confirm they suit the deployment.
func mySetCookieHandler(ctx *macaron.Context) string {
	// Cookie lifetime in seconds (five minutes).
	const maxAgeSeconds = 300

	value := ctx.Params(":value")
	ctx.SetCookie("user", value, maxAgeSeconds)

	return "cookie set for 5 minutes"
}