It is broken when used with https://github.com/justinas/nosurf/ because...
- If token failed to validate, and 400 response has been written, the handler chain is not stopped which defeat the purpose.
- nosurf replaced the request with key embedded in context value, and such the original request must be replaced. Otherwise there is no way to get the token out in the handler and place it in HTML tag or alike.
Here is my fix attempt: justinas/nosurf#30 (comment)
It is broken when used with https://github.com/justinas/nosurf/ because...
Here is my fix attempt: justinas/nosurf#30 (comment)