Turned on anti-CSRF; now all POSTs return forbidden

44 Views Asked by Jeffrey Rennie At 12 April 2025 at 17:49

I added

    app.Use(csrf.New())

to my Fiber app, and now all the POSTs return 403 Forbidden. I see the csrf_ token in the headers, so I don't understand why I get 403s:

POST /increment HTTP/1.1
Host: localhost:3000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
HX-Request: true
HX-Trigger: increment-form
HX-Target: increment-form
HX-Current-URL: http://localhost:3000/counter
Content-Type: application/x-www-form-urlencoded
Content-Length: 7
Origin: http://localhost:3000
DNT: 1
Connection: keep-alive
Referer: http://localhost:3000/counter
Cookie: csrf_=25c925eb-c986-4147-b56f-67d5a72f7144
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

Response:

HTTP/1.1 403 Forbidden
Date: Fri, 27 Oct 2023 01:50:08 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 9

Full code is here: https://github.com/surferjeff/blazor-compared/blob/392fdd4313410981e3350a4aef3967f33b609b60/GoTemplApp/hello.go#L52

Original Q&A

Turned on anti-CSRF; now all POSTs return forbidden

There are 0 best solutions below

Related Questions in GO-FIBER

Trending Questions

Popular # Hahtags

Popular Questions