24542951587
84%
master: 85%

Ran 17 Apr 2026 01:30AM UTC

Jobs 1

Files 24

Run time 1min

Badge

Embed ▾

Committed 17 Apr 2026 01:26AM UTC coverage: 84.247%. Remained the same

Build # 24542951587

Build Type

Pull #274

github

Committed by

paskal

Commit Message

v2: add CrossOriginProtection middleware for browser apps

Add middleware.CrossOriginProtection() as a thin discoverable wrapper
around go-pkgz/rest's CrossOriginProtection (which is backed by the
stdlib http.CrossOriginProtection on Go 1.25+).

The existing JWT XSRF check only fires when the JWT arrives in a
cookie and only after a request reaches the auth middleware. The new
middleware checks Sec-Fetch-Site / Origin at the HTTP layer and so
catches cross-origin requests regardless of how (or whether) auth is
carried, which matters for non-cookie auth flows and for subdomain
attacks that SameSite=Lax does not cover.

Bumps go-pkgz/rest from v1.20.4 to v1.21.0 (the version that exposes
the wrapped middleware). README updated with usage and rationale.

Pull Request Pull Request #274: v2: add CrossOriginProtection middleware for browser apps

Coverage Stats

2706 of 3212 relevant lines covered (84.25%)

7.26 hits per line

Jobs

ID	Job ID	Ran	Files	Coverage
1	24542951587.1	17 Apr 2026 01:30AM UTC	24	84.25	GitHub Action Run

go-pkgz / auth / 24542951587
84%
master: 85%

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

Jobs

Source Files on build 24542951587

go-pkgz / auth / 24542951587 84% master: 85%

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

Jobs

Source Files on build 24542951587

go-pkgz / auth / 24542951587
84%
master: 85%

README BADGES
x