Fix CSRF token generator
parent
aca9734b14
commit
95fdc4baff
|
@ -13,9 +13,9 @@ import (
|
||||||
// CSRF is a middleware generator that enforces CSRF tokens on all POST requests.
|
// CSRF is a middleware generator that enforces CSRF tokens on all POST requests.
|
||||||
func CSRF(onError func(http.ResponseWriter, *http.Request, string)) negroni.HandlerFunc {
|
func CSRF(onError func(http.ResponseWriter, *http.Request, string)) negroni.HandlerFunc {
|
||||||
middleware := func(w http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
|
middleware := func(w http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
|
||||||
if r.Method == "POST" {
|
|
||||||
session := sessions.Get(r)
|
session := sessions.Get(r)
|
||||||
token := GenerateCSRFToken(w, r, session)
|
token := GenerateCSRFToken(w, r, session)
|
||||||
|
if r.Method == "POST" {
|
||||||
if token != r.FormValue("_csrf") {
|
if token != r.FormValue("_csrf") {
|
||||||
log.Error("CSRF Mismatch: expected %s, got %s", r.FormValue("_csrf"), token)
|
log.Error("CSRF Mismatch: expected %s, got %s", r.FormValue("_csrf"), token)
|
||||||
onError(w, r, "Failed to validate CSRF token. Please try your request again.")
|
onError(w, r, "Failed to validate CSRF token. Please try your request again.")
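Review bot: The mismatch branch still writes the session's valid CSRF token to the log, and its arguments are swapped relative to the format string (`expected` receives the submitted `_csrf` value, `got` receives the real token), so log readers can see a usable token and the message misleads during triage. Log the event without the secret, e.g. `log.Error("CSRF mismatch for %s %s", r.Method, r.URL.Path)`. The check `token != r.FormValue("_csrf")` is an ordinary string comparison; `subtle.ConstantTimeCompare([]byte(token), []byte(r.FormValue("_csrf"))) != 1` from `crypto/subtle` would avoid a timing-dependent compare, though the import block lies outside this hunk. Only POST is enforced, so any state-changing PUT, PATCH or DELETE routes, if the application has them, would pass through unchecked. The function body continues past the hunk, so whether the handler returns after `onError` instead of falling through to `next` cannot be confirmed from here.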
|
||||||
|
|