Skip to content

Commit

Permalink
Fix invalid CSRF token bug, make sure CSRF tokens can be up-to-date (#…
Browse files Browse the repository at this point in the history
…19338)

There was a bug that the CSRF token wouldn't in 24h. This fix just does what the CSRF function comment says: If this request is a GET request, it will generate a new token. Then the CSRF token can be kept up-to-date.
  • Loading branch information
wxiaoguang authored Apr 6, 2022
1 parent 0704009 commit 57c2ca7
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions modules/context/csrf.go
Original file line number Diff line number Diff line change
Expand Up @@ -229,6 +229,7 @@ func Csrfer(opt CsrfOptions, ctx *Context) CSRF {
}
}

needsNew = needsNew || ctx.Req.Method == "GET" // If this request is a Get request, it will generate a new token, make sure the token is always up-to-date.
if needsNew {
// FIXME: actionId.
x.Token = GenerateToken(x.Secret, x.ID, "POST")
Expand Down

0 comments on commit 57c2ca7

Please sign in to comment.