web: rename CSRF header (#6027)

go.mod

@@ -62,7 +62,7 @@ require (
 	gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
 	gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d // indirect
 	gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df
-	gopkg.in/ini.v1 v1.53.0
+	gopkg.in/ini.v1 v1.54.0
 	gopkg.in/ldap.v2 v2.5.1
 	gopkg.in/macaron.v1 v1.3.5
 	unknwon.dev/clog/v2 v2.1.2

internal/cmd/web.go

@@ -154,7 +154,7 @@ func newMacaron() *macaron.Macaron {
 	}))
 	m.Use(csrf.Csrfer(csrf.Options{
 		Secret:         conf.Security.SecretKey,
-		Header:         "X-Csrf-Token",
+		Header:         "X-CSRF-Token",
 		Cookie:         conf.Session.CSRFCookieName,
 		CookieDomain:   conf.Server.URL.Hostname(),
 		CookiePath:     conf.Server.Subpath,