Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x/net: add xsrftoken.ValidFor #41438

Closed
ianlancetaylor opened this issue Sep 16, 2020 · 5 comments
Closed

x/net: add xsrftoken.ValidFor #41438

ianlancetaylor opened this issue Sep 16, 2020 · 5 comments
Labels
FrozenDueToAge Proposal Proposal-Accepted
Projects
Proposals (old)
Milestone
Unreleased

Comments

@ianlancetaylor
Copy link
Contributor

ianlancetaylor commented Sep 16, 2020
edited

The xrsftoken.Valid function checks whether a token generated by xsrftoken.Generate was created within the last 24 hours. Some services need to restrict tokens to shorter periods of time.

I propose a new function:

// ValidFor reports whether a token is a valid token returned by a call to Generate.
// The token is considered to be expired and invalid if it is older than the timeout duration.
func ValidFor(token, key, userID, actionID string, timeout time.Duration) bool
@ianlancetaylor ianlancetaylor added this to the Proposal milestone Sep 16, 2020
@ianlancetaylor ianlancetaylor added this to Incoming in Proposals (old) Sep 16, 2020
@ianlancetaylor
Copy link
Contributor Author

Looks like the package was originally written by @adg , so, any opinions?

@adg
Copy link
Contributor

adg commented Sep 17, 2020

SGTM

@rsc rsc moved this from Incoming to Active in Proposals (old) Sep 23, 2020
@rsc rsc mentioned this issue Sep 23, 2020
Open
@rsc
Copy link
Contributor

rsc commented Sep 30, 2020

Based on the discussion above, this seems like a likely accept.

@rsc rsc moved this from Active to Likely Accept in Proposals (old) Sep 30, 2020
@rsc
Copy link
Contributor

rsc commented Oct 7, 2020

No change in consensus, so accepted.

@rsc rsc moved this from Likely Accept to Accepted in Proposals (old) Oct 7, 2020
@bynov bynov mentioned this issue Oct 7, 2020
Closed
@gopherbot
Copy link

Change https://golang.org/cl/260317 mentions this issue: x/net: add custom timeout support for valid func

@dmitshur dmitshur modified the milestones: Proposal, Unreleased Oct 7, 2020
@dmitshur dmitshur changed the title proposal: x/net: add xsrftoken.ValidFor x/net: add xsrftoken.ValidFor Oct 7, 2020
@golang golang locked and limited conversation to collaborators Oct 8, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge Proposal Proposal-Accepted
Projects
No open projects
Proposals (old)
Accepted
Milestone
Unreleased
Development

Successfully merging a pull request may close this issue.

xsrftoken: add custom timeout support for valid func
5 participants
@rsc @dmitshur @ianlancetaylor @adg @gopherbot