From 4ea7f2704db410e9c8e55365d3ddb57f5a516d9e Mon Sep 17 00:00:00 2001
From: henrylee2cn
Date: Mon, 9 Apr 2018 17:58:09 +0800
Subject: [PATCH] fix XSRF
---
 context.go | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/context.go b/context.go
index 37ac7ee..afdf3a8 100644
--- a/context.go
+++ b/context.go
@@ -178,15 +178,16 @@ func (ctx *Context) checkXSRFCookie() bool {
 return true
 }
 token := ctx.BizParam("_xsrf")
- if token == "" {
- token = ctx.CookieParam("_xsrf")
- }
 if token == "" {
 token = ctx.R.Header.Get("X-Xsrftoken")
 }
 if token == "" {
 token = ctx.R.Header.Get("X-Csrftoken")
 }
+ // default cookie value
+ if token == "" {
+ token, _ = ctx.SecureCookieParam(ctx.frame.config.XSRF.Key, "_xsrf")
+ }
 if token == "" {
 ctx.Error(403, "'_xsrf' argument missing from POST")
 return false
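Review bot: The fallback added after the `X-Csrftoken` lookup still takes the submitted token from the `_xsrf` cookie, which a browser attaches to cross-site requests on its own. checkXSRFCookie begins and ends outside this hunk, so the comparison is not visible, but if the expected value is derived from that same cookie, a POST carrying neither the `_xsrf` parameter nor either header would still pass the check. Signing the cookie protects its integrity, but it does not show that the requester was able to read the token. I would drop the added `if token == "" { token, _ = ctx.SecureCookieParam(ctx.frame.config.XSRF.Key, "_xsrf") }` block so such a request reaches the existing 403 branch. If the fallback has to stay, the second return value discarded with `_` should be checked, and `// default cookie value` should say why a cookie is an acceptable token source here.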