Closed k0fi closed 3 years ago
The CSRF doesn't come through the header - it should be submitted as an input in the form:
```go
// Create a new view
v := view.New(r)
// Set the template name
v.Name = "login/login"
// Assign a variable that is accessible in the form
v.Vars["token"] = csrfbanana.Token(w, r, sess)
// Refill any form fields from a POST operation
view.Repopulate([]string{"email"}, r.Form, v.Vars)
// Render the template
v.Render(w)
```
This is where the token should be:
```html
<input type="hidden" name="token" value="{{.token}}">
```
Hello Joseph, I'd like to let users like posts through an AJAX jQuery POST:
But the snippet above returns `null` as the cookie, presumably as the cookie is HTTP-only. Hence I get a 403 error from gowebapp. What is your suggestion to fix this?
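An added example, not part of the thread and not csrfbanana's own code: a minimal stand-in check that reads the token only from the POST form field `token`, as the reply above describes, to show why a request that omits that field is answered with 403. The token value, the `/like` path, the `post_id` field and the `X-CSRF-Token` header name are constructed for the demo.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// sessionToken is a constructed value standing in for the per-session CSRF token.
const sessionToken = "constructed-demo-token"

// requireFormToken is a hypothetical stand-in for a CSRF check that accepts the
// token only from the POST form field "token", never from a header or cookie.
func requireFormToken(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Method == http.MethodPost {
			got := r.PostFormValue("token")
			if subtle.ConstantTimeCompare([]byte(got), []byte(sessionToken)) != 1 {
				http.Error(w, "invalid CSRF token", http.StatusForbidden)
				return
			}
		}
		next.ServeHTTP(w, r)
	})
}

// postLike sends a form-encoded POST, as an AJAX call would, and returns the status code.
func postLike(form url.Values, headers map[string]string) int {
	h := requireFormToken(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}))
	req := httptest.NewRequest(http.MethodPost, "/like", strings.NewReader(form.Encode()))
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	for k, v := range headers {
		req.Header.Set(k, v)
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	// Token sent only in a header: the form field is empty, so the check rejects it.
	fmt.Println(postLike(url.Values{"post_id": {"7"}}, map[string]string{"X-CSRF-Token": sessionToken}))
	// Token sent in the request body under the name "token": accepted.
	fmt.Println(postLike(url.Values{"post_id": {"7"}, "token": {sessionToken}}, nil))
}
```

On the client side this corresponds to including the value of the rendered hidden `token` input in the POST data of the AJAX request.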