# Missing CSRF Protection (Gin)

- ID: go-gin-missing-csrf-protection
- Severity: HIGH
- CWE: Cross-Site Request Forgery (CWE-352)
- Languages: Go
- Frameworks: gin

## Description

State-changing endpoints lack CSRF token protection.

## Detection Message

State-changing endpoints lack CSRF protection

## Remediation

Add CSRF middleware using gin-csrf.

```go
import (
	"os"

	"github.com/gin-gonic/gin"
	csrf "github.com/utrack/gin-csrf"
)

r := gin.Default()
// gin-csrf stores its salt in the session, so a sessions middleware
// (gin-contrib/sessions) must be registered with r.Use before this one.
r.Use(csrf.Middleware(csrf.Options{
	Secret: os.Getenv("CSRF_SECRET"),
}))
r.POST("/transfer", transferHandler)
```

Learn more: https://shoulder.dev/learn/go/cwe-352/csrf-protection

## Related Rules

- **Angular Missing HTTP Security Interceptor** [HIGH]
- **Django Missing CSRF Protection** [HIGH]
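
The check that the CSRF middleware from the Remediation section has to enforce on `POST /transfer`, as an added example using only the Go standard library (it is not gin-csrf's code and not part of the original rule). The token scheme (HMAC of the session ID), the `session` cookie name, the `X-CSRF-Token` header and the helper names are assumptions made for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// csrfToken binds a token to one session: HMAC-SHA256(secret, sessionID).
func csrfToken(secret []byte, sessionID string) string {
	m := hmac.New(sha256.New, secret)
	m.Write([]byte(sessionID))
	return hex.EncodeToString(m.Sum(nil))
}

// requireCSRF lets safe methods through and rejects any other request whose
// X-CSRF-Token header does not match the token for its session cookie.
func requireCSRF(secret []byte, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Method == http.MethodGet || r.Method == http.MethodHead || r.Method == http.MethodOptions {
			next.ServeHTTP(w, r)
			return
		}
		sess, err := r.Cookie("session")
		if err != nil || !hmac.Equal([]byte(r.Header.Get("X-CSRF-Token")), []byte(csrfToken(secret, sess.Value))) {
			http.Error(w, fmt.Sprintf("CSRF check failed for %s %s", r.Method, r.URL.Path), http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// transferStatus replays a constructed POST /transfer and returns the status code.
func transferStatus(secret []byte, sessionID, token string) int {
	h := requireCSRF(secret, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {}))
	req := httptest.NewRequest(http.MethodPost, "/transfer", nil)
	req.AddCookie(&http.Cookie{Name: "session", Value: sessionID})
	req.Header.Set("X-CSRF-Token", token)
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	secret := []byte("constructed-demo-secret") // constructed value, not a real key
	fmt.Println("cross-site POST, no token:", transferStatus(secret, "sess-A", ""))
	fmt.Println("same-site POST, valid token:", transferStatus(secret, "sess-A", csrfToken(secret, "sess-A")))
}
```

A browser attaches the session cookie to a cross-site form post automatically, but the attacker's page cannot read or compute the per-session token, which is why the first request is refused.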