24543150534
84%
master: 85%

Ran 17 Apr 2026 01:35AM UTC

Jobs 1

Files 24

Run time 1min

Badge

Embed ▾

Committed 17 Apr 2026 01:34AM UTC coverage: 84.247%. Remained the same

Build # 24543150534

Build Type

Pull #274

github

Committed by

paskal

Commit Message

docs: recommend pairing with http.CrossOriginProtection for browser apps

The JWT XSRF check only fires when the JWT arrives in a cookie and
only after a request reaches the auth middleware. For browser-based
apps the recommended additional defence is Go 1.25's stdlib
http.CrossOriginProtection, which checks Sec-Fetch-Site at the HTTP
layer and so catches cross-origin requests regardless of how (or
whether) auth is carried.

Documentation only -- no API changes.

Pull Request Pull Request #274: docs: recommend pairing with http.CrossOriginProtection for browser apps

Coverage Stats

2706 of 3212 relevant lines covered (84.25%)

7.26 hits per line

Jobs

ID	Job ID	Ran	Files	Coverage
1	24543150534.1	17 Apr 2026 01:35AM UTC	24	84.25	GitHub Action Run

go-pkgz / auth / 24543150534
84%
master: 85%

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

Jobs

Source Files on build 24543150534

go-pkgz / auth / 24543150534 84% master: 85%

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

Jobs

Source Files on build 24543150534

go-pkgz / auth / 24543150534
84%
master: 85%

README BADGES
x