security browser web csrf csrf-protection

does limiting the host in my mux prevent CSRF attacks?

If I have my mux router limited to accept requests only from my domain, then will that prevent a CSRF attack?

For example in my golang server I have all requests go through my baseRouter:

baseRouter := mux.NewRouter().Host(`{sub:.*}.myDomain.com`).Subrouter()

So wouldn't this mean that if a user was on another site some.attacker.net that posted a request off to my server, then it would simply get a 404 returned for every request because my server won't process any requests from other domains, thus preventing a CSRF attack, or am I basing this on some misconception?

Solution

No, because when attacker.example.com POSTs to mysite.example.org the host header will be set to mysite.example.org.

Gorilla has a package to enable you to protect against Cross Site Request Forgery.

Math.Sin() gives incorrect value
How to run my python script when the sunOS is start booting
Express-session: not resetting cookie expiration on each request
Getting a stack overflow exception when normalizing a vector
Edit default summary function in R gives error for multiple variables
What was a For loop? Why isn't it needed in R?
How to use download button in shiny and save results in various formats (csv, texte, pdf, spss...)?
Why are there two assignment operators, `<-` and `->` in R?
lm()$assign: what is it?
How to get the value of list(...) in R and S functions
Design matrix for MLM from library(lme4) with fixed and random effects
how to generate elements not included in my sample
Create a matrix with gradually changing values without a for loop
Emacs ESS and S-plus ( S+ ) 8.1 compatability
How to lag date-index in a time-series in R?
Nonlinear regression in R / S
Calling R from S-Plus?