mirror of
https://github.com/astaxie/beego.git
synced 2024-11-29 23:51:29 +00:00
beego: XSRF support Controller level fix #610
The default value is true when global XSRF is enabled; it can also be changed in the Prepare function.
parent
f6ce2656db
commit
34ddcef1dc
@ -47,6 +47,7 @@ type Controller struct {
|
|||||||
XSRFExpire int
|
XSRFExpire int
|
||||||
AppController interface{}
|
AppController interface{}
|
||||||
EnableRender bool
|
EnableRender bool
|
||||||
|
EnableXSRF bool
|
||||||
}
|
}
|
||||||
|
|
||||||
// ControllerInterface is an interface to uniform all controller handler.
|
// ControllerInterface is an interface to uniform all controller handler.
|
||||||
@ -76,6 +77,7 @@ func (c *Controller) Init(ctx *context.Context, controllerName, actionName strin
|
|||||||
c.TplExt = "tpl"
|
c.TplExt = "tpl"
|
||||||
c.AppController = app
|
c.AppController = app
|
||||||
c.EnableRender = true
|
c.EnableRender = true
|
||||||
|
c.EnableXSRF = true
|
||||||
c.Data = ctx.Input.Data
|
c.Data = ctx.Input.Data
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -441,6 +443,9 @@ func (c *Controller) XsrfToken() string {
|
|||||||
// the token can provided in request header "X-Xsrftoken" and "X-CsrfToken"
|
// the token can provided in request header "X-Xsrftoken" and "X-CsrfToken"
|
||||||
// or in form field value named as "_xsrf".
|
// or in form field value named as "_xsrf".
|
||||||
func (c *Controller) CheckXsrfCookie() bool {
|
func (c *Controller) CheckXsrfCookie() bool {
|
||||||
|
if !c.EnableXSRF {
|
||||||
|
return true
|
||||||
|
}
|
||||||
token := c.GetString("_xsrf")
|
token := c.GetString("_xsrf")
|
||||||
if token == "" {
|
if token == "" {
|
||||||
token = c.Ctx.Request.Header.Get("X-Xsrftoken")
|
token = c.Ctx.Request.Header.Get("X-Xsrftoken")
|
||||||
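Review bot: The early `return true` added to CheckXsrfCookie makes a skipped check indistinguishable from a validated token, and because EnableXSRF is a plain bool whose zero value is false, a Controller that does not pass through Init (where `c.EnableXSRF = true` is set) would silently get no XSRF check. The new exported field has no doc comment, so I would state the contract on it, e.g. `// EnableXSRF is set to true by Init; setting it to false (typically in Prepare) skips the XSRF check for this controller even when global XSRF is on.` Logging the skip path would also make per-controller opt-outs auditable. CheckXsrfCookie's body continues past the end of the hunk.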
|
@ -906,6 +906,9 @@ func (p *ControllerRegistor) ServeHTTP(rw http.ResponseWriter, r *http.Request)
|
|||||||
//call the controller init function
|
//call the controller init function
|
||||||
execController.Init(context, runrouter.Name(), runMethod, vc.Interface())
|
execController.Init(context, runrouter.Name(), runMethod, vc.Interface())
|
||||||
|
|
||||||
|
//call prepare function
|
||||||
|
execController.Prepare()
|
||||||
|
|
||||||
//if XSRF is Enable then check cookie where there has any cookie in the request's cookie _csrf
|
//if XSRF is Enable then check cookie where there has any cookie in the request's cookie _csrf
|
||||||
if EnableXSRF {
|
if EnableXSRF {
|
||||||
execController.XsrfToken()
|
execController.XsrfToken()
|
||||||
@ -915,9 +918,6 @@ func (p *ControllerRegistor) ServeHTTP(rw http.ResponseWriter, r *http.Request)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
//call prepare function
|
|
||||||
execController.Prepare()
|
|
||||||
|
|
||||||
if !w.started {
|
if !w.started {
|
||||||
//exec main logic
|
//exec main logic
|
||||||
switch runMethod {
|
switch runMethod {
|
||||||
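Review bot: Moving `execController.Prepare()` ahead of the `if EnableXSRF {` block in ServeHTTP means Prepare now runs before the XSRF token is validated, so any state-changing work a controller does in Prepare also executes for forged cross-site requests. The ordering is needed so Prepare can clear the controller's EnableXSRF, but that constraint should be stated at the call site, e.g. `//call prepare function before the XSRF check so it can set EnableXSRF; Prepare must not change state, the token is not yet verified`. The rest of the XSRF block is outside the hunk, so it is worth confirming how the check behaves when Prepare has already started the response. ServeHTTP starts and ends outside both hunks.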
|
@ -186,16 +186,21 @@ func Htmlunquote(src string) string {
|
|||||||
|
|
||||||
// UrlFor returns url string with another registered controller handler with params.
|
// UrlFor returns url string with another registered controller handler with params.
|
||||||
// usage:
|
// usage:
|
||||||
|
//
|
||||||
// UrlFor(".index")
|
// UrlFor(".index")
|
||||||
// print UrlFor("index")
|
// print UrlFor("index")
|
||||||
|
// router /login
|
||||||
// print UrlFor("login")
|
// print UrlFor("login")
|
||||||
// print UrlFor("login", "next","/"")
|
// print UrlFor("login", "next","/"")
|
||||||
// print UrlFor("profile", "username","John Doe")
|
// router /profile/:username
|
||||||
|
// print UrlFor("profile", ":username","John Doe")
|
||||||
// result:
|
// result:
|
||||||
// /
|
// /
|
||||||
// /login
|
// /login
|
||||||
// /login?next=/
|
// /login?next=/
|
||||||
// /user/John%20Doe
|
// /user/John%20Doe
|
||||||
|
//
|
||||||
|
// more detail http://beego.me/docs/mvc/controller/urlbuilding.md
|
||||||
func UrlFor(endpoint string, values ...string) string {
|
func UrlFor(endpoint string, values ...string) string {
|
||||||
return BeeApp.UrlFor(endpoint, values...)
|
return BeeApp.UrlFor(endpoint, values...)
|
||||||
}
|
}
|
||||||
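Review bot: The updated UrlFor example is internally inconsistent: the added lines document the route as `/profile/:username`, but the result block still shows `/user/John%20Doe`, and `UrlFor("login", "next","/"")` carries an unbalanced quote on both the old and new side. Presumably the result line should read `// /profile/John%20Doe` and the call `// print UrlFor("login", "next","/")`; confirm against the registered routes before changing it.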
|