mirror of
https://github.com/astaxie/beego.git
synced 2024-11-21 21:30:54 +00:00
XSRF add secure and http only flag
This commit is contained in:
parent
87b40ee9e7
commit
a0d1c42dac
@ -150,7 +150,7 @@ func (ctx *Context) XSRFToken(key string, expire int64) string {
|
||||
token, ok := ctx.GetSecureCookie(key, "_xsrf")
|
||||
if !ok {
|
||||
token = string(utils.RandomCreateBytes(32))
|
||||
ctx.SetSecureCookie(key, "_xsrf", token, expire)
|
||||
ctx.SetSecureCookie(key, "_xsrf", token, expire, "", "", true, true)
|
||||
}
|
||||
ctx._xsrfToken = token
|
||||
}
|
||||
|
@ -17,7 +17,10 @@ package context
|
||||
import (
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
"strings"
|
||||
"testing"
|
||||
|
||||
"github.com/stretchr/testify/assert"
|
||||
)
|
||||
|
||||
func TestXsrfReset_01(t *testing.T) {
|
||||
@ -44,4 +47,8 @@ func TestXsrfReset_01(t *testing.T) {
|
||||
if token == c._xsrfToken {
|
||||
t.FailNow()
|
||||
}
|
||||
|
||||
ck := c.ResponseWriter.Header().Get("Set-Cookie")
|
||||
assert.True(t, strings.Contains(ck, "Secure"))
|
||||
assert.True(t, strings.Contains(ck, "HttpOnly"))
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user