mirror of
https://github.com/astaxie/beego.git
synced 2024-11-24 22:10:54 +00:00
XSRF add secure and http only flag
This commit is contained in:
parent
87b40ee9e7
commit
a0d1c42dac
@ -150,7 +150,7 @@ func (ctx *Context) XSRFToken(key string, expire int64) string {
|
|||||||
token, ok := ctx.GetSecureCookie(key, "_xsrf")
|
token, ok := ctx.GetSecureCookie(key, "_xsrf")
|
||||||
if !ok {
|
if !ok {
|
||||||
token = string(utils.RandomCreateBytes(32))
|
token = string(utils.RandomCreateBytes(32))
|
||||||
ctx.SetSecureCookie(key, "_xsrf", token, expire)
|
ctx.SetSecureCookie(key, "_xsrf", token, expire, "", "", true, true)
|
||||||
}
|
}
|
||||||
ctx._xsrfToken = token
|
ctx._xsrfToken = token
|
||||||
}
|
}
|
||||||
|
@ -17,7 +17,10 @@ package context
|
|||||||
import (
|
import (
|
||||||
"net/http"
|
"net/http"
|
||||||
"net/http/httptest"
|
"net/http/httptest"
|
||||||
|
"strings"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
|
"github.com/stretchr/testify/assert"
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestXsrfReset_01(t *testing.T) {
|
func TestXsrfReset_01(t *testing.T) {
|
||||||
@ -44,4 +47,8 @@ func TestXsrfReset_01(t *testing.T) {
|
|||||||
if token == c._xsrfToken {
|
if token == c._xsrfToken {
|
||||||
t.FailNow()
|
t.FailNow()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
ck := c.ResponseWriter.Header().Get("Set-Cookie")
|
||||||
|
assert.True(t, strings.Contains(ck, "Secure"))
|
||||||
|
assert.True(t, strings.Contains(ck, "HttpOnly"))
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user