XSRF add secure and http only flag

Ming Deng 2020-08-03 21:03:08 +08:00
parent 87b40ee9e7
commit a0d1c42dac
2 changed files with 8 additions and 1 deletions


@ -150,7 +150,7 @@ func (ctx *Context) XSRFToken(key string, expire int64) string {
token, ok := ctx.GetSecureCookie(key, "_xsrf")
if !ok {
token = string(utils.RandomCreateBytes(32))
ctx.SetSecureCookie(key, "_xsrf", token, expire)
ctx.SetSecureCookie(key, "_xsrf", token, expire, "", "", true, true)
}
ctx._xsrfToken = token
}
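Review bot: The new `SetSecureCookie` call hard-codes both trailing `true` arguments, so the `_xsrf` cookie is always marked Secure and HttpOnly with no way for an application to opt out. A browser will not return a Secure cookie over plain HTTP, so on a non-TLS deployment `GetSecureCookie` would presumably miss on every request and a fresh token be issued each time, making XSRF validation fail; HttpOnly likewise stops page script from reading the cookie, which breaks AJAX clients that copy it into a request header. Consider taking both flags from configuration (or deriving Secure from the request scheme) and noting the behaviour change in the release notes. The positional arguments are also opaque; a comment such as `// others: path "", domain "", secure=true, httpOnly=true` above the call would help, assuming that is the parameter order. XSRFToken's body starts and ends outside this hunk.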


@ -17,7 +17,10 @@ package context
import (
"net/http"
"net/http/httptest"
"strings"
"testing"
"github.com/stretchr/testify/assert"
)
func TestXsrfReset_01(t *testing.T) {
@ -44,4 +47,8 @@ func TestXsrfReset_01(t *testing.T) {
if token == c._xsrfToken {
t.FailNow()
}
ck := c.ResponseWriter.Header().Get("Set-Cookie")
assert.True(t, strings.Contains(ck, "Secure"))
assert.True(t, strings.Contains(ck, "HttpOnly"))
}
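Review bot: The two new assertions only look for the substrings `Secure` and `HttpOnly` in the first `Set-Cookie` header, so they would still pass if a different cookie carried the flags or if the text happened to appear inside a cookie value. Parsing the header and checking the `_xsrf` cookie's own fields pins the property more tightly, e.g. `cookies := (&http.Response{Header: c.ResponseWriter.Header()}).Cookies()` followed by `assert.True(t, cookies[0].Secure)` and `assert.True(t, cookies[0].HttpOnly)` once `cookies[0].Name == "_xsrf"` is confirmed. If the substring check is kept, `assert.Contains(t, ck, "Secure")` gives a more useful failure message than `assert.True(t, strings.Contains(...))`. The body of TestXsrfReset_01 begins outside this hunk.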