CSRF token encoded in Base64 gets escaped

[jamesli2021]

I tried to manually generate base64, set on the

and cookie and submit POST form.

...OYNzk0AeBCHts-Qcw==

and found = sign on the cookie is being escaped

...OYNzk0AeBCHts-Qcw%3D%3D

But it's working fine when the CSRF token is set by Echo. I wonder which caused the issue?

[aldas]

please provide small example - what is actually POSTED by the browser and maybe small html example of your form + js related to that. Without that it is hard to tell.

[jamesli2021]

In NodeJS, I could set

const csrf = Buffer.from(csrfToken, 'binary').toString('base64');

cookies.set('csrf', csrf {
            path: '/',
            httpOnly: true,
            sameSite: 'strict',
        });
        request.headers.set('Vary', 'Cookie');

Upon inspecting the cookies header in both Firefox and Microsoft Edge, they appear to be fine; however, submitting the form to Go app results in the == being escaped.
V3dzUVNJRlRPYWdaVnlyYWpuaEdqTmJvRlJQUmFzbVRxV2pzQWhieExsR2hkRGJCVkJYa3VDeXJ3b0hHdGN6Vw==

Submitted and validated base64 on both form and cookie shown "==" on NodeJS, appear to be fine and not escaped.

Nodejs on :3000 and Go on :8000 behind nginx reverse proxy.