Fix CSRF token generator

2018-04-11 19:53:41 -07:00 · 2018-04-11 19:53:41 -07:00 · 95fdc4baff
commit 95fdc4baff
parent aca9734b14
1 changed files with 2 additions and 2 deletions
--- a/internal/middleware/csrf.go
+++ b/internal/middleware/csrf.go
@ -13,9 +13,9 @@ import (
 // CSRF is a middleware generator that enforces CSRF tokens on all POST requests.
 func CSRF(onError func(http.ResponseWriter, *http.Request, string)) negroni.HandlerFunc {
 	middleware := func(w http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
-		if r.Method == "POST" {
 		session := sessions.Get(r)
 		token := GenerateCSRFToken(w, r, session)
+		if r.Method == "POST" {
 			if token != r.FormValue("_csrf") {
 				log.Error("CSRF Mismatch: expected %s, got %s", r.FormValue("_csrf"), token)
 				onError(w, r, "Failed to validate CSRF token. Please try your request again.")