
🐛 [Bug]: csrf cookie middleware encryption #2125

Closed
3 tasks done
mybigman opened this issue Sep 27, 2022 · 2 comments · Fixed by #2141

Comments

@mybigman

Bug Description

When using the csrf middleware without changing the cookie name the cookie value is in plain text.

When you change the cookie name the value becomes encrypted.


How to Reproduce

see code below...

Expected Behavior

I expect to see it encrypted no matter what since I am using encryptcookie middleware.

Everything still works just very odd behavior.

Fiber Version

Fiber v2.38.1

Code Snippet (optional)

package main

import (
	"github.com/gofiber/fiber/v2"
	"github.com/gofiber/fiber/v2/middleware/csrf"
	"github.com/gofiber/fiber/v2/middleware/encryptcookie"
)

func main() {
	app := fiber.New()

	app.Use(encryptcookie.New(encryptcookie.Config{
		Key: "blah blah",
	}))

	app.Use(csrf.New(csrf.Config{
		KeyLookup:      "form:pid",
		CookieName:     "csrf_1", // set encrypts - unset plain text
		CookieHTTPOnly: true,
	}))

	app.Listen(":8081")
}

Checklist:

  • I agree to follow Fiber's Code of Conduct.
  • I have checked for existing issues that describe my problem prior to opening this one.
  • I understand that improperly formatted bug reports may be closed without explanation.
@ReneWerner87
Member

we skip some of the cookies in the encryption https://github.com/gofiber/fiber/blob/master/middleware/encryptcookie/config.go#L37
otherwise it is hard to know if the cookie value in the csrf middleware is encrypted or not

implemented in bff8843
@amir9480 can you help here with some explanations

@amir9480
Contributor

@mybigman
Encrypting the csrf cookie value can cause issues for your app. You should add your csrf key (csrf_1) in encryptcookie Except configuration.

app.Use(encryptcookie.New(encryptcookie.Config{
	Key:    "blah blah",
	Except: []string{"csrf_1"},
}))

Please check #1631.
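A stand-alone model of the behaviour discussed in this thread, added here as an example and not Fiber's own code: it assumes the Except list is matched by exact cookie name and that cookie values are sealed with AES-GCM under a base64-encoded Key, which is why a cookie renamed to csrf_1 is encrypted unless it is listed in Except (function names and the test key are constructed for the example).

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
)

// isExcepted matches cookie names exactly (assumed to mirror the middleware's
// Except list), so the default entry "csrf_" does not cover a renamed "csrf_1".
func isExcepted(name string, except []string) bool {
	for _, e := range except {
		if e == name {
			return true
		}
	}
	return false
}

// encryptValue seals a value with AES-GCM under a base64 key: nonce || ct || tag, base64-encoded.
func encryptValue(value, b64Key string) (string, error) {
	key, err := base64.StdEncoding.DecodeString(b64Key) // "blah blah" fails here
	if err != nil {
		return "", err
	}
	block, err := aes.NewCipher(key) // decoded key must be 16, 24 or 32 bytes
	if err != nil {
		return "", err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	sealed := gcm.Seal(nonce, nonce, []byte(value), nil)
	return base64.StdEncoding.EncodeToString(sealed), nil
}

// setCookie models the response side: an excepted cookie is sent as plaintext, any other value is encrypted.
func setCookie(name, value, b64Key string, except []string) (string, error) {
	if isExcepted(name, except) {
		return value, nil
	}
	return encryptValue(value, b64Key)
}
```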
