From 95fdc4baff7b30ba1b48b087ed6e35f1bf764157 Mon Sep 17 00:00:00 2001
From: Noah Petherbridge
Date: Wed, 11 Apr 2018 19:53:41 -0700
Subject: [PATCH] Fix CSRF token generator
---
 internal/middleware/csrf.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/internal/middleware/csrf.go b/internal/middleware/csrf.go
index 9107624..11c4f53 100644
--- a/internal/middleware/csrf.go
+++ b/internal/middleware/csrf.go
@@ -13,9 +13,9 @@ import (
 // CSRF is a middleware generator that enforces CSRF tokens on all POST requests.
 func CSRF(onError func(http.ResponseWriter, *http.Request, string)) negroni.HandlerFunc {
 middleware := func(w http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
+ session := sessions.Get(r)
+ token := GenerateCSRFToken(w, r, session)
 if r.Method == "POST" {
- session := sessions.Get(r)
- token := GenerateCSRFToken(w, r, session)
 if token != r.FormValue("_csrf") {
 log.Error("CSRF Mismatch: expected %s, got %s", r.FormValue("_csrf"), token)
 onError(w, r, "Failed to validate CSRF token. Please try your request again.")
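Review bot: The mismatch branch logs the session's valid CSRF token next to the submitted value, and the two arguments are in the wrong order for the `expected %s, got %s` labels; anyone who can read the error log can recover a live token, and the raw form value is written unescaped. Consider logging no token material, for example `log.Error("CSRF Mismatch on %s %s", r.Method, r.URL.Path)`. The comparison `token != r.FormValue("_csrf")` is also not constant-time; `subtle.ConstantTimeCompare([]byte(token), []byte(r.FormValue("_csrf"))) != 1` would need `crypto/subtle` in the import block, which is outside this hunk. With the two added lines now running for every method, it is worth confirming that `GenerateCSRFToken` (not shown) only creates a token when the session has none, otherwise each GET would rotate the value a pending form depends on. The closure body continues past the end of the hunk.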