beego: XSRF support Controller level fix #610

default value is true when you Enable Global XSRF, also can control in
the prepare function to change the value.

@@ -47,6 +47,7 @@ type Controller struct {
 	XSRFExpire     int
 	XSRFExpire     int
 	AppController  interface{}
 	AppController  interface{}
 	EnableRender   bool
 	EnableRender   bool
+	EnableXSRF     bool
 }
 }
 
 
 // ControllerInterface is an interface to uniform all controller handler.
 // ControllerInterface is an interface to uniform all controller handler.
@@ -76,6 +77,7 @@ func (c *Controller) Init(ctx *context.Context, controllerName, actionName strin
 	c.TplExt = "tpl"
 	c.TplExt = "tpl"
 	c.AppController = app
 	c.AppController = app
 	c.EnableRender = true
 	c.EnableRender = true
+	c.EnableXSRF = true
 	c.Data = ctx.Input.Data
 	c.Data = ctx.Input.Data
 }
 }
 
 
@@ -441,6 +443,9 @@ func (c *Controller) XsrfToken() string {
 // the token can provided in request header "X-Xsrftoken" and "X-CsrfToken"
 // the token can provided in request header "X-Xsrftoken" and "X-CsrfToken"
 // or in form field value named as "_xsrf".
 // or in form field value named as "_xsrf".
 func (c *Controller) CheckXsrfCookie() bool {
 func (c *Controller) CheckXsrfCookie() bool {
+	if !c.EnableXSRF {
+		return true
+	}
 	token := c.GetString("_xsrf")
 	token := c.GetString("_xsrf")
 	if token == "" {
 	if token == "" {
 		token = c.Ctx.Request.Header.Get("X-Xsrftoken")
 		token = c.Ctx.Request.Header.Get("X-Xsrftoken")

@@ -906,6 +906,9 @@ func (p *ControllerRegistor) ServeHTTP(rw http.ResponseWriter, r *http.Request)
 			//call the controller init function
 			//call the controller init function
 			execController.Init(context, runrouter.Name(), runMethod, vc.Interface())
 			execController.Init(context, runrouter.Name(), runMethod, vc.Interface())
 
 
+			//call prepare function
+			execController.Prepare()
+
 			//if XSRF is Enable then check cookie where there has any cookie in the  request's cookie _csrf
 			//if XSRF is Enable then check cookie where there has any cookie in the  request's cookie _csrf
 			if EnableXSRF {
 			if EnableXSRF {
 				execController.XsrfToken()
 				execController.XsrfToken()
@@ -915,9 +918,6 @@ func (p *ControllerRegistor) ServeHTTP(rw http.ResponseWriter, r *http.Request)
 				}
 				}
 			}
 			}
 
 
-			//call prepare function
-			execController.Prepare()
-
 			if !w.started {
 			if !w.started {
 				//exec main logic
 				//exec main logic
 				switch runMethod {
 				switch runMethod {

@@ -186,16 +186,21 @@ func Htmlunquote(src string) string {
 
 
 // UrlFor returns url string with another registered controller handler with params.
 // UrlFor returns url string with another registered controller handler with params.
 //	usage:
 //	usage:
+//
 //	UrlFor(".index")
 //	UrlFor(".index")
 //	print UrlFor("index")
 //	print UrlFor("index")
+//  router /login
 //	print UrlFor("login")
 //	print UrlFor("login")
 //	print UrlFor("login", "next","/"")
 //	print UrlFor("login", "next","/"")
-//	print UrlFor("profile", "username","John Doe")
+//  router /profile/:username
+//	print UrlFor("profile", ":username","John Doe")
 //	result:
 //	result:
 //	/
 //	/
 //	/login
 //	/login
 //	/login?next=/
 //	/login?next=/
 //	/user/John%20Doe
 //	/user/John%20Doe
+//
+//  more detail http://beego.me/docs/mvc/controller/urlbuilding.md
 func UrlFor(endpoint string, values ...string) string {
 func UrlFor(endpoint string, values ...string) string {
 	return BeeApp.UrlFor(endpoint, values...)
 	return BeeApp.UrlFor(endpoint, values...)
 }
 }