mirror of https://github.com/astaxie/beego.git synced 2024-11-22 03:10:58 +00:00

Merge pull request #4126 from flycash/fix/secureFlagV1

XSRF add secure and http only flag
Ming Deng 2020-08-03 21:24:23 +08:00 committed by GitHub
commit 310161f9d4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 8 additions and 1 deletions


@ -150,7 +150,7 @@ func (ctx *Context) XSRFToken(key string, expire int64) string {
token, ok := ctx.GetSecureCookie(key, "_xsrf") token, ok := ctx.GetSecureCookie(key, "_xsrf")
if !ok { if !ok {
token = string(utils.RandomCreateBytes(32)) token = string(utils.RandomCreateBytes(32))
ctx.SetSecureCookie(key, "_xsrf", token, expire) ctx.SetSecureCookie(key, "_xsrf", token, expire, "", "", true, true)
} }
ctx._xsrfToken = token ctx._xsrfToken = token
} }
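Review bot: The `true, true` arguments in the new `SetSecureCookie` call hard-code Secure and HttpOnly on the `_xsrf` cookie, with no way for an application to opt out. A browser does not return a Secure cookie over plain HTTP, so on a deployment served without TLS the token would presumably be regenerated on every request and XSRF validation would fail; HttpOnly likewise blocks page scripts that read the cookie to fill an XSRF header on AJAX requests. Consider taking both values from configuration and documenting the default above the call, e.g. `// _xsrf is Secure and HttpOnly by default: clients must take the token from the rendered form, not from document.cookie`. It is also worth confirming that passing `""` for the two arguments before the flags keeps whatever default path the cookie had when they were omitted. Only part of XSRFToken is visible in this hunk.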


@ -17,7 +17,10 @@ package context
import ( import (
"net/http" "net/http"
"net/http/httptest" "net/http/httptest"
"strings"
"testing" "testing"
"github.com/stretchr/testify/assert"
) )
func TestXsrfReset_01(t *testing.T) { func TestXsrfReset_01(t *testing.T) {
@ -44,4 +47,8 @@ func TestXsrfReset_01(t *testing.T) {
if token == c._xsrfToken { if token == c._xsrfToken {
t.FailNow() t.FailNow()
} }
ck := c.ResponseWriter.Header().Get("Set-Cookie")
assert.True(t, strings.Contains(ck, "Secure"))
assert.True(t, strings.Contains(ck, "HttpOnly"))
} }
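Review bot: `Header().Get("Set-Cookie")` returns only the first Set-Cookie value, and the two added substring checks would pass on any cookie in it, so the test does not prove that the `_xsrf` cookie specifically carries the flags. Ranging over `Header()["Set-Cookie"]` and selecting the entry that starts with `_xsrf=` before asserting would pin the check to the right cookie. `assert.Contains(t, ck, "HttpOnly")` also reports the actual header on failure, unlike `assert.True(t, strings.Contains(...))`, and would make the new `strings` import unnecessary. The test function starts outside these hunks.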