From 4b6fe576677dfb6f075b816e1271d3bf0fff6bc9 Mon Sep 17 00:00:00 2001
From: Marc Alvarez
Date: Wed, 18 Jun 2025 22:24:05 -0600
Subject: [PATCH 1/2] [REFACTOR] Remove custom contains in favor of std lib impl
---
 csrf.go | 2 +-
 helpers.go | 12 ------------
 2 files changed, 1 insertion(+), 13 deletions(-)
diff --git a/csrf.go b/csrf.go
index 5dda254..a4d29a2 100644
--- a/csrf.go
+++ b/csrf.go
@@ -254,7 +254,7 @@ func (cs *csrf) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 // HTTP methods not defined as idempotent ("safe") under RFC7231 require
 // inspection.
- if !contains(safeMethods, r.Method) {
+ if !slices.Contains(safeMethods, r.Method) {
 var isPlaintext bool
 val := r.Context().Value(PlaintextHTTPContextKey)
 if val != nil {
diff --git a/helpers.go b/helpers.go
index 99005ee..1c9d5b6 100644
--- a/helpers.go
+++ b/helpers.go
@@ -189,18 +189,6 @@ func xorToken(a, b []byte) []byte {
 return res
 }
-// contains is a helper function to check if a string exists in a slice - e.g.
-// whether a HTTP method exists in a list of safe methods.
-func contains(vals []string, s string) bool {
- for _, v := range vals {
- if v == s {
- return true
- }
- }
-
- return false
-}
-
 // envError stores a CSRF error in the request context.
 func envError(r *http.Request, err error) *http.Request {
 return contextSave(r, errorKey, err)
From cac82e8602f329542576ec43d7f3cc7d182768cf Mon Sep 17 00:00:00 2001
From: Marc Alvarez
Date: Wed, 18 Jun 2025 22:40:10 -0600
Subject: [PATCH 2/2] [REFACTOR] Handle close err + simplify to replaceall
---
 csrf_test.go | 2 +-
 helpers_test.go | 5 ++++-
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/csrf_test.go b/csrf_test.go
index 0281680..8338f47 100644
--- a/csrf_test.go
+++ b/csrf_test.go
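Review bot: The `slices.Contains` call in `ServeHTTP` has no matching import change. The diffstat lists one changed line for csrf.go, so unless that file already imports `"slices"` (not visible here) the package will not compile; the import block would need a `"slices"` entry. The `slices` package entered the standard library in Go 1.21, so the module's `go` directive and CI matrix must be at least that version, which this patch does not show. The check itself remains an exact, case-sensitive match on `r.Method`, so any method absent from `safeMethods` still goes through CSRF inspection as before. ServeHTTP's body continues outside the hunk.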
@@ -153,7 +153,7 @@ func TestBadCookie(t *testing.T) {
 r = createRequest("POST", "/", false)
 // Replace the cookie prefix
- badHeader := strings.Replace(cookieName+"=", rr.Header().Get("Set-Cookie"), "_badCookie", -1)
+ badHeader := strings.ReplaceAll(cookieName+"=", rr.Header().Get("Set-Cookie"), "_badCookie")
 r.Header.Set("Cookie", badHeader)
 r.Header.Set("X-CSRF-Token", token)
 r.Header.Set("Referer", "http://www.gorillatoolkit.org/")
diff --git a/helpers_test.go b/helpers_test.go
index f40c996..035a0b0 100644
--- a/helpers_test.go
+++ b/helpers_test.go
@@ -102,7 +102,10 @@ func TestMultipartFormToken(t *testing.T) {
 t.Fatal(err)
 }
- mp.Close()
+ err = mp.Close()
+ if err != nil {
+ t.Fatal(err)
+ }
 r = httptest.NewRequest("POST", "/", &b)
 r.Host = "www.gorillatoolkit.org"
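Review bot: The arguments to `strings.ReplaceAll` on the `badHeader` line keep the order of the old `strings.Replace` call, and that order looks wrong. The first argument is the string being searched, so this looks for the entire `Set-Cookie` value inside `cookieName+"="`, finds nothing, and leaves `badHeader` equal to `cookieName+"="`. TestBadCookie therefore appears to send an empty cookie value rather than the renamed cookie the comment describes, so the tampered-cookie rejection path is presumably not what is exercised. If the intent is to swap the prefix, the call would be `badHeader := strings.ReplaceAll(rr.Header().Get("Set-Cookie"), cookieName+"=", "_badCookie")`. The test function starts and ends outside the hunk.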