gorilla/csrf v1.6.2 Release Notes

Release Date: 2019-11-21
  • Notable Changes

    🚀 🆕 This release adds support for SameSite cookies (how they work), introduced in Go v1.11+, which can better scope cookies to first-party requests only (instead of just same-origin).

    👀 See the README for an example.


Previous changes from v1.6.1

  • Notable Changes

    🚀 🆕 This release introduces the TrustedOrigins option, which allows a user to explicitly trust specific Referers. This simplifies the use of this library when the backend domain (issuing the cookie) does not match the front-end domain, such as in Single Page Application architectures.

    🚀 🐞 This release also fixes a regression in applying the default cookie MaxAge (cookies were being issued as session cookies only). Most users would typically not have noticed this, as the CSRF middleware resets the cookie on each request.
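
An added example, not taken from the gorilla/csrf README or source: a standard-library-only Go sketch of the mechanisms these notes describe, namely a cookie issued with SameSite and an explicit MaxAge, and a Referer check that accepts an explicit list of trusted hosts. The function names, the cookie name, the 12-hour MaxAge and the example.com hosts are assumptions, and the library's own checks may differ in detail.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
)

// refererAllowed is a simplified model (an assumption, not gorilla/csrf code):
// the Referer must be HTTPS and match the request host or a trusted host.
func refererAllowed(r *http.Request, trusted []string) bool {
	ref, err := url.Parse(r.Referer())
	if err != nil || ref.Scheme != "https" || ref.Host == "" {
		return false // missing, malformed or non-HTTPS Referer fails closed
	}
	if ref.Host == r.Host {
		return true
	}
	for _, h := range trusted {
		if ref.Host == h { // exact host comparison, no prefix or suffix matching
			return true
		}
	}
	return false
}

// setCookieHeader issues a cookie with SameSite (Go 1.11+) and an explicit MaxAge.
func setCookieHeader(token string) string {
	rec := httptest.NewRecorder()
	http.SetCookie(rec, &http.Cookie{
		Name: "csrf_demo", Value: token, Path: "/", MaxAge: 12 * 3600,
		Secure: true, HttpOnly: true, SameSite: http.SameSiteStrictMode,
	})
	return rec.Header().Get("Set-Cookie")
}

// check runs refererAllowed on a constructed POST to api.example.com.
func check(referer string, trusted []string) bool {
	r := httptest.NewRequest("POST", "https://api.example.com/submit", nil)
	r.Header.Set("Referer", referer)
	return refererAllowed(r, trusted)
}

func main() {
	spa := []string{"ui.example.com"} // constructed front-end host
	fmt.Println(setCookieHeader("constructed-token"))
	fmt.Println(check("https://ui.example.com/form", spa), check("https://other.example.net/", spa))
}
```

Without the trusted list, the front-end host in this sketch is rejected like any other cross-origin Referer, which is the situation the TrustedOrigins option addresses for split front-end and back-end domains.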
