mirror of
https://github.com/astaxie/beego.git
synced 2024-12-22 11:30:50 +00:00
Merge pull request #4126 from flycash/fix/secureFlagV1
XSRF add secure and http only flag
This commit is contained in:
commit
310161f9d4
@ -150,7 +150,7 @@ func (ctx *Context) XSRFToken(key string, expire int64) string {
|
||||
token, ok := ctx.GetSecureCookie(key, "_xsrf")
|
||||
if !ok {
|
||||
token = string(utils.RandomCreateBytes(32))
|
||||
ctx.SetSecureCookie(key, "_xsrf", token, expire)
|
||||
ctx.SetSecureCookie(key, "_xsrf", token, expire, "", "", true, true)
|
||||
}
|
||||
ctx._xsrfToken = token
|
||||
}
|
||||
|
@ -17,7 +17,10 @@ package context
|
||||
import (
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
"strings"
|
||||
"testing"
|
||||
|
||||
"github.com/stretchr/testify/assert"
|
||||
)
|
||||
|
||||
func TestXsrfReset_01(t *testing.T) {
|
||||
@ -44,4 +47,8 @@ func TestXsrfReset_01(t *testing.T) {
|
||||
if token == c._xsrfToken {
|
||||
t.FailNow()
|
||||
}
|
||||
|
||||
ck := c.ResponseWriter.Header().Get("Set-Cookie")
|
||||
assert.True(t, strings.Contains(ck, "Secure"))
|
||||
assert.True(t, strings.Contains(ck, "HttpOnly"))
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user