aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/middleware/csrf.go
diff options
context:
space:
mode:
Diffstat (limited to 'server/middleware/csrf.go')
-rw-r--r--server/middleware/csrf.go50
1 files changed, 0 insertions, 50 deletions
diff --git a/server/middleware/csrf.go b/server/middleware/csrf.go
deleted file mode 100644
index 0c07e42..0000000
--- a/server/middleware/csrf.go
+++ /dev/null
@@ -1,50 +0,0 @@
-// Copyright 2017 Frédéric Guillot. All rights reserved.
-// Use of this source code is governed by the Apache 2.0
-// license that can be found in the LICENSE file.
-
-package middleware
-
-import (
- "context"
- "log"
- "net/http"
-
- "github.com/miniflux/miniflux2/helper"
-)
-
-// Csrf is a middleware that handle CSRF tokens.
-func Csrf(next http.Handler) http.Handler {
- return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
- var csrfToken string
-
- csrfCookie, err := r.Cookie("csrfToken")
- if err == http.ErrNoCookie || csrfCookie.Value == "" {
- csrfToken = helper.GenerateRandomString(64)
- cookie := &http.Cookie{
- Name: "csrfToken",
- Value: csrfToken,
- Path: "/",
- Secure: r.URL.Scheme == "https",
- HttpOnly: true,
- }
-
- http.SetCookie(w, cookie)
- } else {
- csrfToken = csrfCookie.Value
- }
-
- ctx := r.Context()
- ctx = context.WithValue(ctx, CsrfContextKey, csrfToken)
-
- w.Header().Add("Vary", "Cookie")
- isTokenValid := csrfToken == r.FormValue("csrf") || csrfToken == r.Header.Get("X-Csrf-Token")
-
- if r.Method == "POST" && !isTokenValid {
- log.Println("[Middleware:CSRF] Invalid or missing CSRF token!")
- w.WriteHeader(http.StatusBadRequest)
- w.Write([]byte("Invalid or missing CSRF token!"))
- } else {
- next.ServeHTTP(w, r.WithContext(ctx))
- }
- })
-}
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-11 09:06:45 +0000