cirius
Golang starter kit for fast development
Security
Add a hidden input field with the CSRF token to all HTML forms that make POST,
PUT or DELETE requests:
    <form method="post" action="/submit">
      <input type="hidden" name="_csrf" value="{{ .csrfToken }}">
      <!-- other form fields go here -->
      <button type="submit">Submit</button>
    </form>
In the code above, we are using a Go template to render the HTML form. The
.csrfToken variable should contain the value of the CSRF token generated by
the csrf middleware. You can retrieve this value in your handler function
using the echo.Context.Get() method:
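    func SubmitHandler(c echo.Context) error {
        // The csrf middleware stores the token in the context under "csrf".
        csrfToken := c.Get("csrf").(string)
        // handle the form submission here
        _ = csrfToken // pass it to the template as .csrfToken
        return nil
    }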
Note that the name of the CSRF token input field ("_csrf") should match the
value of the csrf.Config.Fieldname property. If you change this value, make
sure to update the name of the input field accordingly.
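
What the server-side check amounts to, as an added example that is not cirius or Echo code: a standard-library stand-in that compares the _csrf form field with a token cookie in constant time. The cookie name, the double-submit comparison and the helpers newToken, submit and post are assumptions made for the demonstration; the second call in main posts the token under the input name csrf_token instead of _csrf and is rejected just like a wrong token.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

const fieldName = "_csrf" // hidden input name; reused as the cookie name (assumption)

// newToken returns 32 bytes from the OS CSPRNG, hex-encoded (64 characters).
func newToken() string {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return hex.EncodeToString(b)
}

// submit answers 403 unless the form field equals the cookie token (hypothetical handler).
func submit(w http.ResponseWriter, r *http.Request) {
	ck, err := r.Cookie(fieldName)
	sent := r.PostFormValue(fieldName)
	if err != nil || sent == "" || subtle.ConstantTimeCompare([]byte(ck.Value), []byte(sent)) != 1 {
		http.Error(w, "invalid CSRF token", http.StatusForbidden)
		return
	}
	w.WriteHeader(http.StatusOK)
}

// post builds a constructed form POST, sending formToken under the input name field.
func post(cookieToken, field, formToken string) int {
	body := url.Values{field: {formToken}}.Encode()
	r := httptest.NewRequest(http.MethodPost, "/submit", strings.NewReader(body))
	r.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	r.AddCookie(&http.Cookie{Name: fieldName, Value: cookieToken})
	w := httptest.NewRecorder()
	submit(w, r)
	return w.Code
}

func main() {
	t := newToken()
	fmt.Println(post(t, "_csrf", t), post(t, "csrf_token", t), post(t, "_csrf", newToken()))
}
```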