Merge pull request #19 from go-seatbelt/seatbelt/csrf-token-cookie-path

seabelt: force csrf cookie to path '/'
go-seatbelt · Jun 18, 2023 · 7d26ab0 · 7d26ab0
2 parents 8f50997 + 9d9ec75
commit 7d26ab0
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/seatbelt.go b/seatbelt.go
@@ -408,7 +408,7 @@ func New(opts ...Option) *App {
 	// Initialize the underlying chi mux so that we can setup our default
 	// middleware stack.
 	mux := chi.NewRouter()
-	mux.Use(csrf.Protect(signingKey))
+	mux.Use(csrf.Protect(signingKey, csrf.Path("/")))
 
 	sess := session.New(signingKey, session.Options{
 		Name:   opt.SessionName,