Skip to content

Any document demonstrate the way using CSRF middleware? #582

Description

@yajiya

It doesn't work by just simply add Use in context

package main

import (
    "net/http"

    "github.com/labstack/echo"
    "github.com/labstack/echo/engine/standard"
    //"github.com/labstack/echo/engine/fasthttp"
    "github.com/labstack/echo/middleware"
)

func main() {

    // Echo instance
    e := echo.New()

    // Middleware
    e.Use(middleware.Logger())
    e.Use(middleware.Recover())
    e.Use(middleware.Gzip())
    e.Use(middleware.CSRF([]byte("secret")))

    e.GET("/", form)
    e.POST("/", formPost)

    // Start server
    e.Run(standard.New(":1324"))
}

func form(c echo.Context) error {
    return c.HTML(http.StatusOK, `
<html>
<body>
<form method='POST'>
<input type='text' name='name' /><br/>
<input type='submit' value='submit' />
</form>
</body>
</html> 
    `)
}

func formPost(c echo.Context) error {
    name := c.FormValue("name")
    return c.String(http.StatusOK, name)
}

And error shows

invalid csrf token

Metadata

Metadata

Assignees

Labels

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions