1
0
mirror of https://github.com/astaxie/beego.git synced 2024-12-22 11:30:50 +00:00

Merge pull request #4126 from flycash/fix/secureFlagV1

XSRF add secure and http only flag
This commit is contained in:
Ming Deng 2020-08-03 21:24:23 +08:00 committed by GitHub
commit 310161f9d4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 8 additions and 1 deletions

View File

@ -150,7 +150,7 @@ func (ctx *Context) XSRFToken(key string, expire int64) string {
token, ok := ctx.GetSecureCookie(key, "_xsrf")
if !ok {
token = string(utils.RandomCreateBytes(32))
ctx.SetSecureCookie(key, "_xsrf", token, expire)
ctx.SetSecureCookie(key, "_xsrf", token, expire, "", "", true, true)
}
ctx._xsrfToken = token
}

View File

@ -17,7 +17,10 @@ package context
import (
"net/http"
"net/http/httptest"
"strings"
"testing"
"github.com/stretchr/testify/assert"
)
func TestXsrfReset_01(t *testing.T) {
@ -44,4 +47,8 @@ func TestXsrfReset_01(t *testing.T) {
if token == c._xsrfToken {
t.FailNow()
}
ck := c.ResponseWriter.Header().Get("Set-Cookie")
assert.True(t, strings.Contains(ck, "Secure"))
assert.True(t, strings.Contains(ck, "HttpOnly"))
}