james/yarr
4
0
Fork 0
mirror of https://github.com/nkanaev/yarr.git synced 2025-09-13 09:55:36 +00:00
Code Issues Packages Projects Releases Wiki Activity

simple csrf protection

Browse Source
This commit is contained in:
Nazar Kanaev
2021-01-04 14:15:28 +00:00
parent fa0237b546
commit d6c2ba5812
2 changed files with 13 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
server/server.go
View File

@@ -43,6 +43,10 @@ func (h *Handler) Start() {
}
}
func unsafeMethod(method string) bool {
return method == "POST" || method == "PUT" || method == "DELETE"
}
func (h Handler) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
route, vars := getRoute(req)
if route == nil {
@@ -51,6 +55,10 @@ func (h Handler) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
}
if h.requiresAuth() && !route.manualAuth {
if unsafeMethod(req.Method) && req.Header.Get("X-Requested-By") != "yarr" {
rw.WriteHeader(http.StatusUnauthorized)
return
}
if !userIsAuthenticated(req, h.Username, h.Password) {
rw.WriteHeader(http.StatusUnauthorized)
return