ctx-csrf is Cross Site Request Forgery (CSRF) prevention middleware for older versions of Goji (https://goji.io). Use https://github.com/gorilla/csrf for new versions!
Our REST API will be used by our SPA web client as well as our customers. API will first look in the authorization header for API key and check for a session cookie if authorization header was missing.What would be the recommended approach if we want to skip the CSRF middleware if the API key is available.
Token, FailureReason, TemplateField and mask in helpers.go don't need the r *http.Request parameter. Are there any plans to clean that up? Simply removing it would be a breaking change. How would you like to deal with it, if at all?