I am using the Appengine Blob store example and it works fine (I modified to take two files but that is not the issue). However, when I turn on nosurf it gives me a HTTP 400. I am passing in the csrf token to my form. The issue exists even if I just upload one file.
nosurf works just fine for other forms but only gives me trouble with blobstore file upload.
Since the code is large (it is the just the example with some minor tweaks), I have put it here: http://play.golang.org/p/SJADmn-WvJ (of course you cannot run it there as you need app-engine and nosurf)
Small parts of the code:
const rootTemplateHTML = `
<html><body>
<form action="{{.UpUrl}}" method="POST" enctype="multipart/form-data">
Upload File: <input type="file" name="file1"><br>
Upload File: <input type="file" name="file2"><br>
<input type="hidden" name="csrf_token" value="{{ .Token }}">
<input type="submit" name="submit" value="Submit">
</form>
</body></html>
`
This does not work:
http.Handle("/", nosurf.New(http.HandlerFunc(handleRoot)))
http.Handle("/upload", nosurf.New(http.HandlerFunc(handleUpload)))
http.HandleFunc("/serve/", handleServe)
But this works (no 400 status):
http.HandleFunc("/", handleRoot)
http.HandleFunc("/serve/", handleServe)
http.HandleFunc("/upload", handleUpload)
Is this something to do with nosurf or app-engine? Any suggestions on what I should do to fix this issue?
Thanks!
