服务端
- app.conf
# Turns on the framework's XSRF check.
enablexsrf = true
# Secret used for the XSRF token cookie. Treat the value shown here as a
# placeholder: generate your own random key per deployment and keep it out
# of version control and shared configuration.
xsrfkey = 61oETzKXQAGaYdkL5gEmGeJJFuYh7EQnp2XdTP1o
# Token lifetime in seconds; a controller can set its own value through XSRFExpire.
xsrfexpire = 3600
- Controller
// Get prepares the template data for a page that contains an XSRF-protected form.
//
// XSRFExpire is assigned before the form field is generated, so the 7200-second
// value is in place when the token is issued.
// NOTE(review): presumably this overrides xsrfexpire from app.conf for this
// controller only; confirm against the framework version in use.
func (this *HomeController) Get() {
	this.XSRFExpire = 7200

	// The framework-generated field is wrapped in template.HTML so that
	// html/template emits it as markup instead of escaping it. Only
	// framework-generated markup may be wrapped this way, never request data.
	formField := this.XSRFFormHTML()
	this.Data["xsrfdata"] = template.HTML(formField)
}
// or: hand the raw token to the template instead of the ready-made form field,
// e.g. for a <meta> tag or for scripts that send it in a request header.
this.Data["xsrf_token"]=this.XSRFToken()
前端
<!-- {{ .xsrfdata }} is the XSRF form field the controller stored in Data["xsrfdata"].
     It has to stay inside the <form> so the token is submitted with the POST. -->
<form action="/new_message" method="post">
{{ .xsrfdata }}
<input type="text" name="message"/>
<input type="submit" value="Post"/>
</form>
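/**
 * POSTs `args` as form data with the XSRF token attached and passes the
 * evaluated response to `callback`.
 *
 * The token is read from the `_xsrf` cookie: the first "|"-separated field is
 * base64-decoded and sent as the `_xsrf` form field.
 *
 * @param {string} url - Endpoint to POST to.
 * @param {Object} args - Form fields; `_xsrf` is added to this object.
 * @param {function(*)} callback - Receives the evaluated response body.
 * @throws {Error} If the `_xsrf` cookie is not present.
 */
$.postJSON = function(url, args, callback) {
  var cookie = $.cookie("_xsrf");
  if (!cookie) {
    // Fail with a clear message instead of a TypeError from split() on undefined.
    throw new Error("XSRF cookie \"_xsrf\" is missing; the request would be rejected by the server");
  }
  args = args || {};
  args._xsrf = base64_decode(cookie.split("|")[0]);
  $.ajax({
    url: url,
    data: $.param(args),
    dataType: "text",
    type: "POST",
    success: function(response) {
      // NOTE(review): eval() runs the response body as JavaScript in the page,
      // so any response that is not fully trusted becomes script execution.
      // Prefer JSON.parse(response) (or dataType: "json") once the endpoint is
      // confirmed to return strict JSON.
      callback(eval("(" + response + ")"));
    }
  });
};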
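/**
 * Sends a DELETE request with the XSRF token in the `X-XSRFToken` header and
 * passes the evaluated response to `callback`.
 *
 * The token is read from the `_xsrf` cookie: the first "|"-separated field is
 * base64-decoded. No request body is sent; `args` only receives the `_xsrf`
 * property.
 *
 * @param {string} url - Endpoint to send the DELETE to.
 * @param {Object} [args] - Object that receives the decoded token as `_xsrf`.
 * @param {function(*)} callback - Receives the evaluated response body.
 * @throws {Error} If the `_xsrf` cookie is not present.
 */
$.deleteJSON = function(url, args, callback) {
  var cookie = $.cookie("_xsrf");
  if (!cookie) {
    // Fail with a clear message instead of a TypeError from split() on undefined.
    throw new Error("XSRF cookie \"_xsrf\" is missing; the request would be rejected by the server");
  }
  var token = base64_decode(cookie.split("|")[0]);
  // Kept for callers that read args._xsrf afterwards; tolerate a missing args object.
  args = args || {};
  args._xsrf = token;
  $.ajax({
    url: url,
    beforeSend: function(request) {
      // The token travels in a header because this request carries no form body.
      request.setRequestHeader("X-XSRFToken", token);
    },
    dataType: "text",
    type: "DELETE",
    success: function(response) {
      // NOTE(review): eval() runs the response body as JavaScript in the page,
      // so any response that is not fully trusted becomes script execution.
      // Prefer JSON.parse(response) (or dataType: "json") once the endpoint is
      // confirmed to return strict JSON.
      callback(eval("(" + response + ")"));
    }
  });
};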
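/**
 * Sends `args` in a PUT request with the XSRF token attached and passes the
 * evaluated response to `callback`.
 *
 * The token is read from the `_xsrf` cookie: the first "|"-separated field is
 * base64-decoded and sent as the `_xsrf` field of the request data.
 *
 * @param {string} url - Endpoint to send the PUT to.
 * @param {Object} args - Request fields; `_xsrf` is added to this object.
 * @param {function(*)} callback - Receives the evaluated response body.
 * @throws {Error} If the `_xsrf` cookie is not present.
 */
$.putJSON = function(url, args, callback) {
  var cookie = $.cookie("_xsrf");
  if (!cookie) {
    // Fail with a clear message instead of a TypeError from split() on undefined.
    throw new Error("XSRF cookie \"_xsrf\" is missing; the request would be rejected by the server");
  }
  args = args || {};
  args._xsrf = base64_decode(cookie.split("|")[0]);
  $.ajax({
    url: url,
    data: $.param(args),
    dataType: "text",
    type: "PUT",
    success: function(response) {
      // NOTE(review): eval() runs the response body as JavaScript in the page,
      // so any response that is not fully trusted becomes script execution.
      // Prefer JSON.parse(response) (or dataType: "json") once the endpoint is
      // confirmed to return strict JSON.
      callback(eval("(" + response + ")"));
    }
  });
};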
<!-- Publishes the token the controller stored in Data["xsrf_token"] so page scripts can read it
     from the document. The $.postJSON / $.deleteJSON / $.putJSON helpers above read the
     _xsrf cookie instead of this tag. -->
<meta name="_xsrf" content="{{.xsrf_token}}" />