Skip to content

x/net: add xsrftoken.ValidFor #41438

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
ianlancetaylor opened this issue Sep 16, 2020 · 5 comments
Closed

x/net: add xsrftoken.ValidFor #41438

ianlancetaylor opened this issue Sep 16, 2020 · 5 comments
Labels
FrozenDueToAge Proposal Proposal-Accepted
Milestone
Unreleased

Comments

@ianlancetaylor
Copy link
Member

ianlancetaylor commented Sep 16, 2020
edited
Loading

The xrsftoken.Valid function checks whether a token generated by xsrftoken.Generate was created within the last 24 hours. Some services need to restrict tokens to shorter periods of time.

I propose a new function:

// ValidFor reports whether a token is a valid token returned by a call to Generate.
// The token is considered to be expired and invalid if it is older than the timeout duration.
func ValidFor(token, key, userID, actionID string, timeout time.Duration) bool
@ianlancetaylor ianlancetaylor added this to the Proposal milestone Sep 16, 2020
@ianlancetaylor
Copy link
Member Author

Looks like the package was originally written by @adg , so, any opinions?

@adg
Copy link
Contributor

adg commented Sep 17, 2020

SGTM

@rsc rsc mentioned this issue Sep 23, 2020
Open
@rsc
Copy link
Contributor

rsc commented Sep 30, 2020

Based on the discussion above, this seems like a likely accept.

@rsc
Copy link
Contributor

rsc commented Oct 7, 2020

No change in consensus, so accepted.

@bynov bynov mentioned this issue Oct 7, 2020
Closed
@gopherbot
Copy link
Contributor

Change https://golang.org/cl/260317 mentions this issue: x/net: add custom timeout support for valid func

@dmitshur dmitshur modified the milestones: Proposal, Unreleased Oct 7, 2020
@dmitshur dmitshur changed the title proposal: x/net: add xsrftoken.ValidFor x/net: add xsrftoken.ValidFor Oct 7, 2020
@golang golang locked and limited conversation to collaborators Oct 8, 2021
@rsc rsc moved this to Accepted in Proposals Aug 10, 2022
@rsc rsc added this to Proposals Aug 10, 2022
@rsc rsc removed this from Proposals Oct 19, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge Proposal Proposal-Accepted
Projects
None yet
Milestone
Unreleased
Development

Successfully merging a pull request may close this issue.

xsrftoken: add custom timeout support for valid func
5 participants
@rsc @dmitshur @ianlancetaylor @adg @gopherbot