Beego xsrf處理

服務端

  • app.conf

    # Enable Beego's built-in XSRF protection.
    enablexsrf = true
    # Secret used to sign the _xsrf cookie. The value shown here is published on this page,
    # so treat it as an example only: generate your own random key per deployment and
    # keep it out of version control.
    xsrfkey = 61oETzKXQAGaYdkL5gEmGeJJFuYh7EQnp2XdTP1o
    # Token lifetime in seconds.
    xsrfexpire = 3600
  • Controller

    // Get overrides the XSRF token lifetime for this controller and passes the
    // hidden form field to the template under the key "xsrfdata".
    func (this *HomeController) Get(){
    // Per-controller override of xsrfexpire from app.conf; it is assigned before
    // the token is requested below so that it applies to that token.
    this.XSRFExpire = 7200
    // XSRFFormHTML returns the hidden _xsrf <input> element. template.HTML turns
    // off escaping for it, so reserve that wrapper for framework-generated markup
    // like this and never apply it to user-supplied strings.
    this.Data["xsrfdata"]=template.HTML(this.XSRFFormHTML())
    }
    // or
    // Expose only the raw token; the page's <meta name="_xsrf"> tag renders it as .xsrf_token.
    this.Data["xsrf_token"]=this.XSRFToken()

前端

  • 表單
<form action="/new_message" method="post">
  <!-- .xsrfdata is the hidden _xsrf input prepared by the controller; it is submitted with the form. -->
  {{ .xsrfdata }}
  <input type="text" name="message"/>
  <input type="submit" value="Post"/>
</form>
  • Ajax
//Get Post 使用cookie

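    /**
     * POST `args` form-encoded to `url` and hand the parsed JSON reply to `callback`.
     * The XSRF token is the first "|"-separated field of the "_xsrf" cookie,
     * base64-decoded, and is sent as the `_xsrf` form field.
     *
     * @param {string} url - Request URL.
     * @param {Object} args - Form fields to send; not modified.
     * @param {function(*)} callback - Receives the parsed response.
     * @throws {Error} If the "_xsrf" cookie cannot be read.
     */
    $.postJSON = function(url, args, callback) {
        var xsrf = $.cookie("_xsrf");
        if (!xsrf) {
            // Cookie not issued yet, expired, or not readable from script.
            throw new Error("_xsrf cookie is missing");
        }
        var token = base64_decode(xsrf.split("|")[0]);
        // Send a copy so the caller's object is not mutated.
        var payload = $.extend({}, args, {_xsrf: token});
        $.ajax({url: url, data: $.param(payload), dataType: "text", type: "POST",
            success: function(response) {
                // JSON.parse only parses data; eval() would run any script
                // contained in the response body.
                callback(JSON.parse(response));
            }});
    };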
//delete put 此類請求不使用Cookie數據,可以使用head
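 /**
  * Send a DELETE request to `url` and hand the parsed JSON reply to `callback`.
  * The XSRF token (first "|"-separated field of the "_xsrf" cookie,
  * base64-decoded) travels in the X-XSRFToken request header.
  *
  * @param {string} url - Request URL.
  * @param {Object} args - Kept for signature parity with the other helpers;
  *     it is not transmitted because the request carries no data.
  * @param {function(*)} callback - Receives the parsed response.
  * @throws {Error} If the "_xsrf" cookie cannot be read.
  */
 $.deleteJSON = function(url, args, callback) {
     var xsrf = $.cookie("_xsrf");
     if (!xsrf) {
         // Cookie not issued yet, expired, or not readable from script.
         throw new Error("_xsrf cookie is missing");
     }
     var token = base64_decode(xsrf.split("|")[0]);
     $.ajax({url: url,
         beforeSend: function(request) {
             request.setRequestHeader("X-XSRFToken", token);
         },
         dataType: "text", type: "DELETE",
         success: function(response) {
             // JSON.parse only parses data; eval() would run any script
             // contained in the response body.
             callback(JSON.parse(response));
         }});
 };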
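    /**
     * PUT `args` form-encoded to `url` and hand the parsed JSON reply to `callback`.
     * The XSRF token is the first "|"-separated field of the "_xsrf" cookie,
     * base64-decoded, and is sent as the `_xsrf` field of the request data.
     *
     * @param {string} url - Request URL.
     * @param {Object} args - Fields to send; not modified.
     * @param {function(*)} callback - Receives the parsed response.
     * @throws {Error} If the "_xsrf" cookie cannot be read.
     */
    $.putJSON = function(url, args, callback) {
        var xsrf = $.cookie("_xsrf");
        if (!xsrf) {
            // Cookie not issued yet, expired, or not readable from script.
            throw new Error("_xsrf cookie is missing");
        }
        var token = base64_decode(xsrf.split("|")[0]);
        // Send a copy so the caller's object is not mutated.
        var payload = $.extend({}, args, {_xsrf: token});
        $.ajax({url: url,
            data: $.param(payload),
            dataType: "text", type: "PUT",
            success: function(response) {
                // JSON.parse only parses data; eval() would run any script
                // contained in the response body.
                callback(JSON.parse(response));
            }});
    };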
  • Head
<!-- Token the controller stores under "xsrf_token"; page scripts can read it from this tag and send it in a request header. -->
<meta name="_xsrf" content="{{.xsrf_token}}" />