ability to set xsrf token

2025-10-21 23:04:12 +00:00 · 2014-08-09 19:06:37 -07:00
parent 062e275388
commit ca2a93ed9f
2 changed files with 44 additions and 1 deletions
--- a/shared/httputil/httputil.go
+++ b/shared/httputil/httputil.go
@@ -3,6 +3,8 @@ package httputil
 import (
 	"net/http"
 	"strings"
+
+	"code.google.com/p/xsrftoken"
 )

 // IsHttps is a helper function that evaluates the http.Request
@@ -103,3 +105,26 @@ func DelCookie(w http.ResponseWriter, r *http.Request, name string) {

 	http.SetCookie(w, &cookie)
 }
+
+// SetXsrf writes the cookie value.
+func SetXsrf(w http.ResponseWriter, r *http.Request, token, login string) {
+	cookie := http.Cookie{
+		Name:     "XSRF-TOKEN",
+		Value:    xsrftoken.Generate(token, login, "/"),
+		Path:     "/",
+		Domain:   r.URL.Host,
+		HttpOnly: false,
+		Secure:   IsHttps(r),
+	}
+
+	http.SetCookie(w, &cookie)
+}
+
+// CheckXsrf verifies the xsrf value.
+func CheckXsrf(r *http.Request, token, login string) bool {
+	if r.Method == "GET" {
+		return true
+	}
+	return xsrftoken.Valid(
+		r.Header.Get("X-XSRF-TOKEN"), token, login, "/")
+}