csrf

Package gorilla/csrf provides Cross Site Request Forgery (CSRF) prevention middleware for Go web applications & services 🔒

BSD-3-CLAUSE License

Stars
1K
Committers
28


csrf - Release v1.7.2 Latest Release

Published by coreydaley 12 months ago

What's Changed

New Contributors

Full Changelog: https://github.com/gorilla/csrf/compare/v1.7.1...v1.7.2

csrf - v1.6.0

Published by elithrar over 5 years ago

Notable Changes

  • We've removed support for versions of Go prior to v1.7 - v1.6 was released over 3.5 years ago (@kisielk making me feel old!)
  • As a result, we've also removed gorilla/context as a dependency, since Go 1.7+ has its own http.Request.Context() implementation
  • Moved our CI to CircleCI - you can see the build dashboard here

CHANGELOG

38c9e46 Remove gorilla/context as part of pre-1.7 support (#114)
3719438 (elithrar/go-mod) [build] Add CircleCI config (#112)
d162037 [docs] Improve JS header/form instructions (#103)
40703b8 Update and rename stale to stale.yml (#102)
1db7df7 Merge pull request #101 from gorilla/stalebot
472e852 [docs] Add a "Reviewed by Hound" badge (#98)
abcfd25 (origin/stalebot) Add stalebot config
f903b4e README.md: Update site URL
10bfafc [docs] Note that developers should check the HTTP method (#91)
d690280 Merge pull request #88 from gorilla/elithrar/corporate-overlords

csrf - v1.5.1

Published by elithrar over 6 years ago

gorilla/csrf defines a go.mod file and correctly defines a SemVer version (v1.5.1) to support versioning in upcoming releases of Go.

csrf - v1.5

Published by elithrar almost 8 years ago

Uses the new request.Context from Go 1.7 automatically when built with Go 1.7. Note that gorilla/context is incompatible with Go 1.7.

6958173 [doc] Fixed readme mux path prefix (#51)
10e8fd1 [docs] Fix a few minor typos in examples. (#54)
fdae182 docs: fix minor typo (#50)
7f54448 [docs] Fix incorrect function name in docs (#49)
bbe6687 [docs] Fix syntax typo (#48)
0ff6a2c [docs] Improve commented code (#46)
a8abe8a [docs] Mentions passing csrf.Secure(false) in local dev environments.
a9c30ae [bugfix] Remove dependency on gorilla/context for go1.7+ (#42)
4642ecf [bugfix] Support a cookie MaxAge of 0. (#39)
101aaa4 Merge branch 'master' of github.com:gorilla/csrf
2a06c32 [ci] Add 1.6; skip install block; don't simplify.
0bb4971 [deps] Move from errors -> github.com/pkg/errors
dd1bce8 [deps] Move from errors -> github.com/pkg/errors

csrf - v1.4

Published by elithrar over 8 years ago

  • With Go 1.7's net/http package growing support for context.Context as part of http.Request, gorilla/csrf now uses the context to pass CSRF tokens and other metadata alongside the request instead of gorilla/context.
  • NOTE: There is a minor breaking change with UnsafeSkipCheck - it now returns a *http.Request. Existing applications will "fail closed" (i.e. CSRF will be enforced again). Since this was a relatively new feature (less than a week old) the impact of this should be very minor.
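To make the v1.4 design concrete, here is a small, self-contained illustration of the two points above: passing the CSRF token through `http.Request.Context()` instead of a global request map, and a skip-check helper that returns a new `*http.Request` so that a caller who discards the returned request still gets the check enforced ("fail closed"). This is an added example using only the Go standard library; it is not gorilla/csrf's own code, and the names `protect`, `skipCheck`, `tokenFromContext`, `simulate` and the form field `csrf_token` are assumptions of this example. A single process-wide token stands in for the per-session cookie value a real middleware would use.

```go
package main

import (
	"context"
	"crypto/rand"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// contextKey is an unexported type so other packages cannot collide with our keys.
type contextKey int

const (
	tokenKey contextKey = iota
	skipKey
)

// fieldName is a hypothetical form field name chosen for this example.
const fieldName = "csrf_token"

// tokenFromContext returns the token the middleware attached to this request,
// the way a template helper would read it.
func tokenFromContext(r *http.Request) string {
	t, _ := r.Context().Value(tokenKey).(string)
	return t
}

// skipCheck marks a request as exempt by returning a NEW *http.Request.
// A caller that ignores the returned request keeps the original context,
// so the check still runs: the API fails closed.
func skipCheck(r *http.Request) *http.Request {
	return r.WithContext(context.WithValue(r.Context(), skipKey, true))
}

// newToken produces a random, base64-encoded token (constructed for this example).
func newToken() string {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return base64.StdEncoding.EncodeToString(b)
}

// protect is a minimal CSRF middleware: it attaches the expected token to the
// request context for downstream handlers, lets safe methods through, honours
// a skip marker set by an outer handler, and otherwise requires a matching token.
func protect(expected string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		r = r.WithContext(context.WithValue(r.Context(), tokenKey, expected))

		switch r.Method {
		case http.MethodGet, http.MethodHead, http.MethodOptions, http.MethodTrace:
			next.ServeHTTP(w, r)
			return
		}
		if skip, _ := r.Context().Value(skipKey).(bool); skip {
			next.ServeHTTP(w, r)
			return
		}
		// Constant-time comparison so a mismatch does not leak where it differs.
		got := r.FormValue(fieldName)
		if subtle.ConstantTimeCompare([]byte(got), []byte(expected)) != 1 {
			http.Error(w, "Forbidden - CSRF token invalid", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// simulate drives the middleware with an in-memory request and returns the
// status code plus the token the inner handler saw in its context.
// skipMode is "none", "skip" (uses the returned request) or "skip-ignored"
// (calls skipCheck but discards the result, as a careless caller might).
func simulate(expected, method, sent, skipMode string) (int, string) {
	handler := protect(expected, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("X-Seen-Token", tokenFromContext(r))
		w.WriteHeader(http.StatusOK)
	}))
	body := strings.NewReader(url.Values{fieldName: {sent}}.Encode())
	req := httptest.NewRequest(method, "/transfer", body)
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	switch skipMode {
	case "skip":
		req = skipCheck(req)
	case "skip-ignored":
		_ = skipCheck(req) // returned request dropped: check is still enforced
	}
	rec := httptest.NewRecorder()
	handler.ServeHTTP(rec, req)
	return rec.Code, rec.Header().Get("X-Seen-Token")
}

func main() {
	secret := newToken()
	for _, c := range []struct{ method, sent, mode string }{
		{"GET", "", "none"}, {"POST", secret, "none"}, {"POST", "wrong", "none"},
		{"POST", "", "skip"}, {"POST", "", "skip-ignored"},
	} {
		code, _ := simulate(secret, c.method, c.sent, c.mode)
		fmt.Printf("%-4s mode=%-12s -> %d\n", c.method, c.mode, code)
	}
}
```

The "skip-ignored" case is the one the release note warns about: after this change, code that calls the skip helper without using its return value is not silently exempted but is checked like any other request.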

csrf - v1.3

Published by elithrar over 8 years ago

v1.3 includes an important security fix for users of Go 1.2 (Debian <=7, Ubuntu <=14.10, etc.). The bug would cause token comparison to fail: https://groups.google.com/forum/#!topic/gorilla-web/G3aIFrm0LVI

CHANGELOG:

  • [bugfix] Token comparison could fail on versions of Go < 1.3.
  • [ci] Updated Travis to use matrix builds.

csrf - v1.2

Published by elithrar almost 9 years ago

CHANGELOG:

  • [feature] Custom field names are now passed to TemplateField implicitly.
  • [feature] Expose an Option type for building functional options.
  • [ci] Run go vet, gofmt and the race detector during tests

ADDENDUM:

Note that gorilla/csrf respects SemVer as defined at http://semver.org/ but will not make backward-incompatible changes unless a security fix requires it (which is extremely unlikely given the small API of the package!). "MINOR" versions as defined in SemVer will encapsulate additions to the API or resolving implicit behaviour, whereas "PATCH" versions will typically encapsulate documentation changes or clarifications.