* Merge remote-tracking branch 'refs/remotes/origin/dev' into fix-for-csrf
Fix CSRF protection
Seems like it doesn't work anymore...
I tried to
fix it but couldn't get /api without csrf. So I changed the
dependency
for another csrf package (nosurf).
Behavior: Same as previously. You
just have to include the block
csrf_token
* changing dependency to nosurf
* Added new dep: gorilla/csrf
* CSRF field in forms
* CSRF variable in commontemplatevariables
* New key for messages and user context
Please change EnableSecureCSRF to false when testing locally and don't
merge config/env.go with the changes
As we have seen, dependencies version can prevent the build. We should
user lock versions on dependencies that we know work:
* Packages are vendored
* Add Godep support
* Added addtional install step in readme
* Fix travis build error
akuma06
Atvaark
Eliot Whalan
Jeff Becker