gorilla/csrf v1.6.2 Release NotesRelease Date: 2019-11-21 // 2 months ago
Previous changes from v1.6.1
🚀 🆕 This release introduces the
TrustedOriginsoption, which allows a user to explicitly trust specific Referers. This simplifies the use of this library when the backend domain (issuing the cookie) does not match the front-end domain, such as in Single Page Application architectures.
🚀 🐞 This release also fixes a regression to applying the default cookie MaxAge (cookies were only session cookies). This would typically have been unnoticed by most users as the CSRF middleware resets the cookie on each request.