package bootstrap
import (
"fmt"
"net/http"
"github.com/gorilla/csrf"
)
// CSRFMiddleware wraps an http.Handler with the CSRF protection built by
// InitCSRFProtection. It is declared without an initializer, so it stays nil
// until InitCSRFProtection has returned successfully; invoking it before that
// point panics (call of a nil func value).
//
// NOTE(review): being an exported, mutable package variable, any importer can
// reassign it; confirm nothing wires routes around a nil value, since that
// would leave those routes without CSRF checks.
var CSRFMiddleware func(http.Handler) http.Handler
// InitCSRFProtection builds the gorilla/csrf middleware and stores it in the
// package-level CSRFMiddleware variable.
//
// csrfKey is the authentication key handed to csrf.Protect. Any length other
// than exactly 32 bytes is rejected with an error, and CSRFMiddleware is left
// as it was. isProduction is forwarded to csrf.Secure, so the CSRF cookie is
// marked Secure only when it is true.
//
// The cookie is also configured as SameSite=Strict, HttpOnly and scoped to
// the path "/".
//
// NOTE(review): only the key length is validated here. The caller must supply
// unpredictable key material (e.g. from a CSPRNG or secret store) and,
// presumably, the same key on every instance serving the site; confirm at the
// call site.
// NOTE(review): csrfKey is passed through without copying; avoid mutating or
// zeroing the slice after this call until it is confirmed that the library
// keeps its own copy.
func InitCSRFProtection(csrfKey []byte, isProduction bool) error {
	const requiredKeyLen = 32

	// Refuse short or over-long keys up front rather than configuring the
	// middleware with them.
	if n := len(csrfKey); n != requiredKeyLen {
		return fmt.Errorf("csrf key must be 32 bytes, got %d", n)
	}

	// Cookie attributes applied to the CSRF cookie, in the original order.
	cookieOpts := []csrf.Option{
		csrf.Secure(isProduction),
		csrf.SameSite(csrf.SameSiteStrictMode),
		csrf.Path("/"),
		csrf.HttpOnly(true),
	}
	CSRFMiddleware = csrf.Protect(csrfKey, cookieOpts...)

	return nil
}