server/beego
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #4736 from zh199225/develop

Browse Source 
修正:XSRFToken函数在特定情况下会产生多个不同Path的_xsrf同名cookie
This commit is contained in:
Ming Deng 2021-08-19 20:48:39 +08:00 committed by GitHub
commit cf00f74882
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@ -58,6 +58,7 @@
- Refactor: Move `BindXXX` and `XXXResp` methods to `context.Context`. [4718](https://github.com/beego/beego/pull/4718) - Refactor: Move `BindXXX` and `XXXResp` methods to `context.Context`. [4718](https://github.com/beego/beego/pull/4718)
- Fix 4728: Print wrong file name. [4737](https://github.com/beego/beego/pull/4737) - Fix 4728: Print wrong file name. [4737](https://github.com/beego/beego/pull/4737)
- fix bug:reflect.ValueOf(nil) in getFlatParams [4715](https://github.com/beego/beego/pull/4715) - fix bug:reflect.ValueOf(nil) in getFlatParams [4715](https://github.com/beego/beego/pull/4715)
- Fix 4736: set a fixed value "/" to the "Path" of "_xsrf" cookie. [4736](https://github.com/beego/beego/issues/4735)
## Fix Sonar ## Fix Sonar

2
server/web/context/context.go
View File

@ -270,7 +270,7 @@ func (ctx *Context) XSRFToken(key string, expire int64) string {
if !ok { if !ok {
token = string(utils.RandomCreateBytes(32)) token = string(utils.RandomCreateBytes(32))
// TODO make it configurable // TODO make it configurable
ctx.SetSecureCookie(key, "_xsrf", token, expire, "", "") ctx.SetSecureCookie(key, "_xsrf", token, expire, "/", "")
} }
ctx._xsrfToken = token ctx._xsrfToken = token
} }