[Golang/CVE] Why Your Playwright Tests Might Fail After Updating gorilla/csrf to Fix CVE-2024-24787

After updating the github.com/gorilla/csrf package in your Go backend from v1.7.2 to v1.7.3, you might suddenly notice that your Playwright tests start failing — specifically with 403 Forbidden responses. What Changed? This update addresses a security vulnerability: CVE-2024-24787. It’s a Golang backend issue, not related to WebSocket libraries like ws, despite what some GitHub advisory titles might misleadingly suggest. In v1.7.3, gorilla/csrf now strictly enforces same-site origin checks using the Origin and Referer headers. If these headers are missing or don’t match the expected host, CSRF validation fails, and the request is blocked with a 403. ...

[Golang] Why You Should Use errors.As Instead of Type Assertions err.(*MyError)

Introduction Go 1.13 introduced powerful features for error wrapping and introspection — namely errors.Is and errors.As. While it’s tempting to reach for traditional type assertions (e.g., err.(*MyError)), there’s a safer and more idiomatic tool for the job: errors.As. This post explains why you should use errors.As over type assertions, with clear examples for both concrete error structs and interfaces like net.Error. The Problem with Type Assertions Consider the old way of checking if an error is of a specific type: ...

[Web/Golang] What is CORS Error and How to Fix it in Golang

If you search Cors error, you can find tons of answers. But most of them are not clear enough to understand, especially you are new to web development. So I will explain what is Cors error and how to fix it in Golang. 1. What is Cors? CORS stands for Cross-Origin Resource Sharing. It is a security feature implemented by web browsers to control how web pages in one domain can request and interact with resources hosted on another domain. ...

[Golang] Retaining Specific Folders and Removing the Rest under A Target Path

Let’s consider a situation where there are multiple folders located under a specific path, and we only have the names of a few folders that we want to retain while removing the rest. For instance, the folder structure is presented below, with all entries being folders: ├── 123123 ├── 123456 ├── 123678 ├── 123789 ├── target-folder-1 └── target-folder-2 To tackle this scenario, we can approach it in two logical ways: Firstly, we can move the known folders to a different folder at the same level as the target path, as a temporary measure. Then, we can delete the target path and rename the temporary folder to match the path name. Alternatively, we can traverse through the target path and eliminate all folders except those we intend to keep. In this post, I will demonstrate how to implement the second method using Golang. ...

[ent/SQLite3] insert nodes to table "users": near "RETURNING": syntax error

Problem If you use ent with sqlite3 driver in your Golang project, you may encounter the following error when you try to insert a new record to the table. insert nodes to table "users": near "RETURNING": syntax error Analysis The error message indicates that the sqlite3 driver does not support the RETURNING clause. If you are using Golang sqlite3 package github.com/mattn/go-sqlite3 in your project. The issue may be caused by the version of the package. ...

[Golang/VSCode] Master Golang Debugging in VSCode: Step-by-Step Guide with Delve

Introduction If you are rocking VSCode as your IDE for Golang development and haven’t installed the debugger, I would recommend you to do it now. And Don’t worry, I’ve got your back. In this friendly guide, I’m going to walk you through the process of setting up and configuring the Golang debugger in VSCode. Step by step guide 1. Install the Debugger for Golang Delve, a fantastic open-source project, is your go-to debugging companion for Golang in VSCode. This powerful tool works like a charm on Linux, macOS, Windows, and FreeBSD. For this guide, we’ll focus on Windows, but the steps remain consistent across other platforms ...

Golang timeout feature - Illustration depicting a clock and a task symbolizing the implementation of a timeout feature in Golang

[Golang] Implementing Timeout Feature in Golang for Efficient Task Processing and Error Handling

Let’s dive into an exciting scenario to explore how we can jazz up our Golang code with a cool timeout feature! Imagine this: you’re building an awesome application and you want to delegate a task to a third-party API. But here’s the catch - the processing time for this task is unpredictable. To add some spice to the mix, you decide to set a timeout for the task. If the third-party API takes too long and doesn’t return the result within the timeout, we’ll label it as error and move on, regardless of whether it eventually responds or not. We’re all about efficiency here! However, if the API does manage to return the result within the timeout, we’ll update the task status accordingly. ...

[WSL] cgo: C compiler 'gcc' not found

When I first time built a Golang project from VS Code wsl mode, I got the below error: Build Error: go build -o /home/oscar/source/github.com/xx/xx/__debug_bin -gcflags all=-N -l . # runtime/cgo cgo: C compiler "gcc" not found: exec: "gcc": executable file not found in $PATH (exit status 2) My first reaction for this error is to install the gcc compiler in my Windows environment. However, the solution is actually to install gcc compiler in the wsl environment. ...

[Golang] go get: fatal: could not read Username for 'xxx': terminal prompts disabled

1. Error 1: fatal: could not read Username for 'https://github.com': terminal prompts disabled The issue appears when I tried to download a private golang repository by the command go get github.com/oscarzhou/private-helloworld. The completed error shows as below: % go get github.com/oscarzhou/private-helloworld go: module github.com/oscarzhou/private-helloworld: git ls-remote -q origin in /Users/oscarzhou/go/pkg/mod/cache/vcs/c5fb5660c8bfa54f1b957fc4e651ac76f19b939fc9015bf3bcbc21a34c925af7: exit status 128: fatal: could not read Username for 'https://github.com': terminal prompts disabled Confirm the import path was entered correctly. If this is a private repository, see https://golang.org/doc/faq#git_https for additional information. If you have already googled this issue, you may find that most of the answers tell you to configure your git as shown below: ...

[VSCode] module lookup disabled by GOPROXY

Sometimes when I open the Golang project with VSCode, some import packages are highlighted with error underline and the error message is like below error while importing github.com/jpillora/chisel/client: module lookup disabled by GOPROXY=off If you are sure that the packages are downloaded already, reloading the VSCode window should solve the issue.

DigitalOcean Referral Badge
Sign up to get $200, 60-day account credit !