fix inconsistent cookies, set csrf cookie path
while working on the /set-language route, i noticed that i was getting a csrf error for all /admin views when setting the language, while it worked well on non-admin routes. the issue, it turned out, was that we needed to configure gorilla's csrf feature to set all cookies on the same route. when unconfigured, the set cookies will only be set for the path they are being set at. see more in the gorilla.csrf documentation (in particular the csrf.Path option): https://pkg.go.dev/github.com/gorilla/csrf?utm_source=godoc#Path
This commit is contained in:
parent
c97b7d44c3
commit
b9fe27b0ca
|
@ -204,6 +204,7 @@ func New(
|
|||
}
|
||||
|
||||
CSRF := csrf.Protect(csrfKey,
|
||||
csrf.Path("/"),
|
||||
csrf.ErrorHandler(http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
|
||||
err := csrf.FailureReason(req)
|
||||
// TODO: localize error?
|
||||
|
|
Loading…
Reference in New Issue