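// main registers GET and POST handlers for "/" on a web.Server and serves
// it on port 8000 with the whole server wrapped in nosurf's CSRF handler.
func main() {
	server := web.NewServer()
	server.Get("/", myHandler)
	server.Post("/", myHandler)

	// nosurf wraps the server itself, not individual routes, so the POST
	// route above is only reachable through the CSRF handler.
	//
	// http.ListenAndServe always returns a non-nil error when it stops
	// (e.g. the port is already in use). Surface it so the process does not
	// exit silently with status 0.
	if err := http.ListenAndServe(":8000", nosurf.New(server)); err != nil {
		panic(err)
	}
}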
// main wires up three route groups with different CSRF requirements: an
// unprotected index page, a signup sub-router that uses nosurf as
// middleware, and an admin sub-router wrapped by a nosurf handler with a
// customised base cookie.
func main() {
	// The index page performs no POST/PUT/DELETE actions, so it is left
	// outside the CSRF middleware.
	goji.Get("/", IndexHandler)

	// The signup forms do submit data, so nosurf is added to the middleware
	// stack of this sub-router only.
	signupMux := web.New()
	goji.Handle("/signup/*", signupMux)
	signupMux.Use(nosurf.NewPure)
	signupMux.Get("/signup/new", ShowSignupForm)
	signupMux.Post("/signup/submit", SubmitSignupForm)

	// A more advanced setup for the admin area: the CSRF cookie is
	// restricted to HTTPS, scoped to one domain and path, and short-lived.
	adminCookie := http.Cookie{
		Name:   "csrf_token",
		Domain: "localhost",
		// Path limits the cookie to requests under /admin.
		Path: "/admin",
		// MaxAge is in seconds: four hours.
		MaxAge: 3600 * 4,
		// HttpOnly keeps page scripts from reading the cookie.
		HttpOnly: true,
		// Secure tells the browser to return the cookie over HTTPS only, so
		// these routes have to be reached over TLS for the check to pass.
		Secure: true,
	}
	adminMux := web.New()
	protectedAdmin := nosurf.New(adminMux)
	protectedAdmin.SetBaseCookie(adminCookie)

	// Everything under /admin/ now goes through the CSRF handler.
	goji.Handle("/admin/*", protectedAdmin)
	goji.Serve()
}
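// main protects everything registered on http.DefaultServeMux with nosurf,
// shows the three ways of exempting paths from the CSRF check, and installs
// a custom handler for failed checks.
//
// An exempt path gets no CSRF check at all. Exempt only routes that do not
// change state or that are authenticated by some other means.
func main() {
	http.HandleFunc("/", Index)

	// Routes added with http.Handle[Func]() end up on DefaultServeMux, so
	// wrapping that mux covers all of them.
	csrfHandler := nosurf.New(http.DefaultServeMux)

	// Exempting by an exact path:
	// won't exempt /faq/question-1.
	csrfHandler.ExemptPath("/faq")

	// Exempting by a glob:
	// will exempt /post, /post1, /post2, etc.;
	// won't exempt /post1/comments, as * stops at a /.
	csrfHandler.ExemptGlob("/post*")

	// Exempting by a regexp:
	// will exempt /static, /static/, /static/favicon.ico,
	// /static/css/style.css, etc.
	//
	// The pattern is anchored with ^ because Go regexps match anywhere in
	// the input unless anchored. Without it, a path that merely contains
	// "/static" (for example /account/static-prefs) could also lose its CSRF
	// check.
	// NOTE(review): presumably nosurf does not anchor the pattern itself;
	// the explicit ^ is harmless if it does.
	csrfHandler.ExemptRegexp("^/static(.*)")

	// failHand is called whenever the CSRF check fails.
	csrfHandler.SetFailureHandler(http.HandlerFunc(failHand))

	// http.ListenAndServe always returns a non-nil error when it stops.
	// Surface it so the process does not exit silently with status 0.
	if err := http.ListenAndServe(":8000", csrfHandler); err != nil {
		panic(err)
	}
}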
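// main adapts myFunc to an http.Handler, wraps it in nosurf's CSRF handler
// and serves it on port 8000.
func main() {
	myHandler := http.HandlerFunc(myFunc)

	// NOTE(review): the message advertises 127.0.0.1, but ":8000" listens on
	// every interface. Bind to "127.0.0.1:8000" if the server is meant to be
	// reachable from the local machine only.
	fmt.Println("Listening on http://127.0.0.1:8000/")

	// http.ListenAndServe always returns a non-nil error when it stops
	// (e.g. the port is already in use). Surface it so the process does not
	// exit silently with status 0.
	if err := http.ListenAndServe(":8000", nosurf.New(myHandler)); err != nil {
		panic(err)
	}
}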