CSRF protection
Like all modern web apps, Gozen comes with CSRF protection built in. This is typically used for POST data and the likes, preventing your forms from being hijacked.This is taken care of for you in the app.go file. You don't need to touch this.
// CSRF middleware loads on EVERY route func csrfMiddleware(next http.Handler) http.Handler { //get this from env key := os.Getenv("APP_KEY") csrfKey := []byte(key) csrfMiddleware := csrf.Protect( csrfKey, csrf.Secure(true), // Set to true for production ) return csrfMiddleware(next) }
You do not need to add anything to your controllers. All you need to do is make sure you have added a .Csrf string in your form html template.
<form method="POST" action="/login"> {{ .Csrf }} ... </form>