added for csrf

2026-02-18 14:17:48 +08:00
parent f74c84df03
commit 732ed73d4f
1 changed files with 6 additions and 0 deletions
@@ -5,9 +5,15 @@ import (
 	"net/http"
 )

+const (
+	AccessControlExposeHeaders = "Access-Control-Expose-Headers"
+	XCsrfToken                 = "X-CSRF-Token"
+)
+
 // CSRFToken issues a CSRF token by relying on the CSRFMiddleware
 // to set the token in the response header and cookie on GET requests.
 func CSRFToken(w http.ResponseWriter, r *http.Request) {
+	w.Header().Set(AccessControlExposeHeaders, XCsrfToken)
 	helper.RespondWithJSON(w, http.StatusOK, map[string]string{
 		"message": "CSRF token set",
 	})