A modern approach to preventing CSRF in Go


Go 1.25 introduced a new http.CrossOriginProtection middleware to the standard library, and it got me wondering:

Have we finally reached the point where CSRF attacks can be prevented without relying on a token-based check (like double-submit cookies)? Can we build secure web applications without bringing in third-party packages like justinas/nosurf or gorilla/csrf?

And I think the answer now may be a cautious “yes”, so long as a few important conditions are met.
