Cross-Site Request Forgery (CSRF)
github.com/gorilla/csrf is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to improper origin validation: the package relies on the r.URL.Scheme field to detect TLS, but that field is not set for server requests, allowing an attacker with XSS on a related domain to perform...
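The behaviour behind this advisory, as an added example that is not code from gorilla/csrf: a Go handler sees an empty r.URL.Scheme on both TLS and plaintext connections, while r.TLS reflects the actual connection, so a scheme comparison never reports HTTPS. The names schemeSaysHTTPS, connIsTLS and probe and the /form path are assumptions made for illustration, and the servers are local httptest instances.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// observed is what the handler saw for one request.
type observed struct {
	URLScheme string // r.URL.Scheme as the server parsed it
	ByScheme  bool   // result of the scheme-based TLS detection
	ByConn    bool   // result of the connection-based TLS detection
}

// schemeSaysHTTPS is the flawed detection the advisory describes.
func schemeSaysHTTPS(r *http.Request) bool { return r.URL.Scheme == "https" }

// connIsTLS (hypothetical helper) asks the connection state instead.
func connIsTLS(r *http.Request) bool { return r.TLS != nil }

// probe starts a local test server (TLS or plaintext) and sends one GET.
func probe(useTLS bool) (observed, error) {
	seen := make(chan observed, 1)
	srv := httptest.NewUnstartedServer(http.HandlerFunc(
		func(w http.ResponseWriter, r *http.Request) {
			seen <- observed{r.URL.Scheme, schemeSaysHTTPS(r), connIsTLS(r)}
		}))
	if useTLS {
		srv.StartTLS()
	} else {
		srv.Start()
	}
	defer srv.Close()
	resp, err := srv.Client().Get(srv.URL + "/form")
	if err != nil {
		return observed{}, err
	}
	resp.Body.Close()
	return <-seen, nil
}

func main() {
	for _, useTLS := range []bool{true, false} {
		got, err := probe(useTLS)
		fmt.Printf("tls=%v observed=%+v err=%v\n", useTLS, got, err)
	}
}
```

Any origin or referer validation that runs only when the scheme check returns true is skipped on every request, including those served over TLS.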