CSRF protection

Like all modern web apps, Gozen comes with CSRF protection built in. This is typically used for POST data and the like, preventing other sites from submitting your forms on a user's behalf. This is taken care of for you in the app.go file. You don't need to touch this.

// csrfMiddleware is loaded on EVERY route.
func csrfMiddleware(next http.Handler) http.Handler {
	// The key comes from the APP_KEY environment variable.
	csrfKey := []byte(os.Getenv("APP_KEY"))

	// Build the CSRF protection wrapper and apply it to the next handler.
	protect := csrf.Protect(
		csrfKey,
		csrf.Secure(true), // Set to true for production
	)
	return protect(next)
}

You do not need to add anything to your controllers. All you need to do is make sure you have added the .Csrf string to your form's HTML template.

<form method="POST" action="/login">
     {{ .Csrf  }}
     ...
</form>
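
To show why a form without the token field is rejected, here is a stand-alone double-submit token check of the kind such middleware performs, using only the standard library. It is an added example, not Gozen's code or the csrf package's implementation; the cookie name csrf, the field name csrf_token, the "nonce.tag" token layout and the demo key are assumptions made up for the illustration, and only POST is checked.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"net/http"
	"strings"
)

func sign(key []byte, nonce string) string { // hex HMAC-SHA256 of nonce under key
	m := hmac.New(sha256.New, key)
	m.Write([]byte(nonce))
	return hex.EncodeToString(m.Sum(nil))
}

// newToken returns "nonce.tag"; the cookie and the hidden form field both carry it.
func newToken(key []byte) string {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		panic(err) // never issue a predictable token
	}
	return hex.EncodeToString(b) + "." + sign(key, hex.EncodeToString(b))
}

// validToken: the form value must equal the cookie and carry a tag made with key.
func validToken(key []byte, form, cookie string) bool {
	nonce, tag, ok := strings.Cut(form, ".")
	return ok && hmac.Equal([]byte(form), []byte(cookie)) && hmac.Equal([]byte(tag), []byte(sign(key, nonce)))
}

// protect answers 403 to any POST whose form token is missing, forged or not the cookie's.
func protect(key []byte, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		c, err := r.Cookie("csrf")
		if r.Method == http.MethodPost && (err != nil || !validToken(key, r.PostFormValue("csrf_token"), c.Value)) {
			http.Error(w, "CSRF token invalid", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	key := []byte("constructed-demo-key-not-for-use") // constructed; stands in for APP_KEY
	tok := newToken(key)
	fmt.Println(validToken(key, tok, tok), validToken(key, "", tok)) // true false
}
```

A page on another site can make the browser send the cookie, but it cannot read the cookie's value to copy it into the form body, so its POST fails the comparison.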