mirror of
https://github.com/astaxie/beego.git
synced 2024-11-22 11:50:55 +00:00
beego: XSRF support Controller level fix #610
default value is true when you Enable Global XSRF, also can control in the prepare function to change the value.
This commit is contained in:
parent
e657dcfd5f
commit
c5c806b58e
@ -47,6 +47,7 @@ type Controller struct {
|
||||
XSRFExpire int
|
||||
AppController interface{}
|
||||
EnableRender bool
|
||||
EnableXSRF bool
|
||||
}
|
||||
|
||||
// ControllerInterface is an interface to uniform all controller handler.
|
||||
@ -76,6 +77,7 @@ func (c *Controller) Init(ctx *context.Context, controllerName, actionName strin
|
||||
c.TplExt = "tpl"
|
||||
c.AppController = app
|
||||
c.EnableRender = true
|
||||
c.EnableXSRF = true
|
||||
c.Data = ctx.Input.Data
|
||||
}
|
||||
|
||||
@ -441,6 +443,9 @@ func (c *Controller) XsrfToken() string {
|
||||
// the token can provided in request header "X-Xsrftoken" and "X-CsrfToken"
|
||||
// or in form field value named as "_xsrf".
|
||||
func (c *Controller) CheckXsrfCookie() bool {
|
||||
if !c.EnableXSRF {
|
||||
return true
|
||||
}
|
||||
token := c.GetString("_xsrf")
|
||||
if token == "" {
|
||||
token = c.Ctx.Request.Header.Get("X-Xsrftoken")
|
||||
|
@ -906,6 +906,9 @@ func (p *ControllerRegistor) ServeHTTP(rw http.ResponseWriter, r *http.Request)
|
||||
//call the controller init function
|
||||
execController.Init(context, runrouter.Name(), runMethod, vc.Interface())
|
||||
|
||||
//call prepare function
|
||||
execController.Prepare()
|
||||
|
||||
//if XSRF is Enable then check cookie where there has any cookie in the request's cookie _csrf
|
||||
if EnableXSRF {
|
||||
execController.XsrfToken()
|
||||
@ -915,9 +918,6 @@ func (p *ControllerRegistor) ServeHTTP(rw http.ResponseWriter, r *http.Request)
|
||||
}
|
||||
}
|
||||
|
||||
//call prepare function
|
||||
execController.Prepare()
|
||||
|
||||
if !w.started {
|
||||
//exec main logic
|
||||
switch runMethod {
|
||||
|
@ -186,16 +186,21 @@ func Htmlunquote(src string) string {
|
||||
|
||||
// UrlFor returns url string with another registered controller handler with params.
|
||||
// usage:
|
||||
//
|
||||
// UrlFor(".index")
|
||||
// print UrlFor("index")
|
||||
// router /login
|
||||
// print UrlFor("login")
|
||||
// print UrlFor("login", "next","/"")
|
||||
// print UrlFor("profile", "username","John Doe")
|
||||
// router /profile/:username
|
||||
// print UrlFor("profile", ":username","John Doe")
|
||||
// result:
|
||||
// /
|
||||
// /login
|
||||
// /login?next=/
|
||||
// /user/John%20Doe
|
||||
//
|
||||
// more detail http://beego.me/docs/mvc/controller/urlbuilding.md
|
||||
func UrlFor(endpoint string, values ...string) string {
|
||||
return BeeApp.UrlFor(endpoint, values...)
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user