Fix CSRF token generator
parent
aca9734b14
commit
95fdc4baff
|
@ -13,9 +13,9 @@ import (
|
|||
// CSRF is a middleware generator that enforces CSRF tokens on all POST requests.
|
||||
func CSRF(onError func(http.ResponseWriter, *http.Request, string)) negroni.HandlerFunc {
|
||||
middleware := func(w http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
|
||||
if r.Method == "POST" {
|
||||
session := sessions.Get(r)
|
||||
token := GenerateCSRFToken(w, r, session)
|
||||
if r.Method == "POST" {
|
||||
if token != r.FormValue("_csrf") {
|
||||
log.Error("CSRF Mismatch: expected %s, got %s", r.FormValue("_csrf"), token)
|
||||
onError(w, r, "Failed to validate CSRF token. Please try your request again.")
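Review bot: The `log.Error` call on the mismatch path writes the session's valid CSRF token into the log, and its arguments are in the wrong order, so the submitted `_csrf` value is printed as "expected" and the real token as "got". Log neither value: something like `log.Error("CSRF mismatch for %q", r.URL.Path)` keeps the event visible for detection without exposing the token or echoing attacker-controlled form data. The check itself, `if token != r.FormValue("_csrf")`, is a plain string comparison; `subtle.ConstantTimeCompare([]byte(token), []byte(r.FormValue("_csrf"))) != 1` (with `crypto/subtle` imported) avoids a timing side channel, and it is worth confirming that `GenerateCSRFToken` can never return an empty string, since an empty token would match a request that carries no `_csrf` field. The closure body continues past the end of the hunk, so whether the handler returns after `onError` instead of falling through to `next` is not visible here.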
|
||||
|
|