beego: XSRF support Controller level fix #610

default value is true when you Enable Global XSRF, also can control in the prepare function to change the value.
2024-11-16 01:50:54 +00:00 · 2014-05-17 00:12:25 +08:00 · 2014-05-17 00:12:25 +08:00 · 34ddcef1dc
commit 34ddcef1dc
parent f6ce2656db
3 changed files with 14 additions and 4 deletions
--- a/controller.go
+++ b/controller.go
@ -47,6 +47,7 @@ type Controller struct {
 	XSRFExpire     int
 	AppController  interface{}
 	EnableRender   bool
+	EnableXSRF     bool
 }

 // ControllerInterface is an interface to uniform all controller handler.
@ -76,6 +77,7 @@ func (c *Controller) Init(ctx *context.Context, controllerName, actionName strin
 	c.TplExt = "tpl"
 	c.AppController = app
 	c.EnableRender = true
+	c.EnableXSRF = true
 	c.Data = ctx.Input.Data
 }

@ -441,6 +443,9 @@ func (c *Controller) XsrfToken() string {
 // the token can provided in request header "X-Xsrftoken" and "X-CsrfToken"
 // or in form field value named as "_xsrf".
 func (c *Controller) CheckXsrfCookie() bool {
+	if !c.EnableXSRF {
+		return true
+	}
 	token := c.GetString("_xsrf")
 	if token == "" {
 		token = c.Ctx.Request.Header.Get("X-Xsrftoken")
--- a/router.go
+++ b/router.go
@ -906,6 +906,9 @@ func (p *ControllerRegistor) ServeHTTP(rw http.ResponseWriter, r *http.Request)
 			//call the controller init function
 			execController.Init(context, runrouter.Name(), runMethod, vc.Interface())

+			//call prepare function
+			execController.Prepare()
+
 			//if XSRF is Enable then check cookie where there has any cookie in the  request's cookie _csrf
 			if EnableXSRF {
 				execController.XsrfToken()
@ -915,9 +918,6 @@ func (p *ControllerRegistor) ServeHTTP(rw http.ResponseWriter, r *http.Request)
 				}
 			}

-			//call prepare function
-			execController.Prepare()
-
 			if !w.started {
 				//exec main logic
 				switch runMethod {
--- a/templatefunc.go
+++ b/templatefunc.go
@ -186,16 +186,21 @@ func Htmlunquote(src string) string {

 // UrlFor returns url string with another registered controller handler with params.
 //	usage:
+//
 //	UrlFor(".index")
 //	print UrlFor("index")
+//  router /login
 //	print UrlFor("login")
 //	print UrlFor("login", "next","/"")
-//	print UrlFor("profile", "username","John Doe")
+//  router /profile/:username
+//	print UrlFor("profile", ":username","John Doe")
 //	result:
 //	/
 //	/login
 //	/login?next=/
 //	/user/John%20Doe
+//
+//  more detail http://beego.me/docs/mvc/controller/urlbuilding.md
 func UrlFor(endpoint string, values ...string) string {
 	return BeeApp.UrlFor(endpoint, values...)
 }