文件名称:Go的CSRF中间件nosurf.zip
文件大小:21KB
文件格式:ZIP
更新时间:2022-08-05 00:23:19
开源项目 nosurf 是 Go 语言的一个 CSRF 跨站请求伪造(Cross Site Request Forgery) 中间件,可嵌入到 net/http 中使用,可方便与 Gorilla 和 Martini 框架结合使用。 示例代码: package main import ( "fmt" "github.com/justinas/nosurf" "html/template" "net/http" ) var templateString string = ` <html> <body> {{ if .name }}
Your name: {{ .name }}
{{ end }} <form action="/" method="POST"> <input type="text" name="name"> <!-- Try removing this or changing its value and see what happens --> <input type="hidden" name="csrf_token" value="{{ .token }}"> <input type="submit" value="Send"> </form> </body> </html> ` var templ = template.Must(template.New("t1").Parse(templateString)) func myFunc(w http.ResponseWriter, r *http.Request) { context := make(map[string]string) context["token"] = nosurf.Token(r) if r.Method == "POST" { context["name"] = r.FormValue("name") } templ.Execute(w, context) } func main() { myHandler := http.HandlerFunc(myFunc) fmt.Println("Listening on http://127.0.0.1:8000/") http.ListenAndServe(":8000", nosurf.New(myHandler)) } 标签:nosurf【文件预览】:
nosurf-master
----.travis.yml(288B)
----exempt.go(3KB)
----handler.go(6KB)
----utils_test.go(1KB)
----context_legacy.go(2KB)
----handler_legacy.go(120B)
----token.go(2KB)
----context.go(1KB)
----handler_legacy_test.go(449B)
----crypto.go(1017B)
----handler_go17.go(206B)
----LICENSE(1KB)
----exempt_test.go(5KB)
----crypto_test.go(2KB)
----context_test.go(214B)
----.gitignore(311B)
----testutils_test.go(2KB)
----README.md(4KB)
----context_legacy_test.go(2KB)
----utils.go(567B)
----token_test.go(2KB)
----handler_test.go(10KB)
----handler_go17_test.go(730B)