From 9d9ec75d58d180b03f9cdf74d7967b092503a98e Mon Sep 17 00:00:00 2001
From: Ben Tranter <ben@bentranter.io>
Date: Sat, 17 Jun 2023 23:24:49 -0400
Subject: [PATCH] seabelt: force csrf cookie to path '/'

---
 seatbelt.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/seatbelt.go b/seatbelt.go
index d299d2b..34255f8 100644
--- a/seatbelt.go
+++ b/seatbelt.go
@@ -408,7 +408,7 @@ func New(opts ...Option) *App {
 	// Initialize the underlying chi mux so that we can setup our default
 	// middleware stack.
 	mux := chi.NewRouter()
-	mux.Use(csrf.Protect(signingKey))
+	mux.Use(csrf.Protect(signingKey, csrf.Path("/")))
 
 	sess := session.New(signingKey, session.Options{
 		Name:   opt.SessionName,