Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
chore: fix CSRF (#876)
  • Loading branch information
boojack committed Dec 29, 2022
1 parent 64e5c34 commit c9bb2b7
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 0 deletions.
1 change: 1 addition & 0 deletions server/acl.go
Expand Up @@ -27,6 +27,7 @@ func setUserSession(ctx echo.Context, user *api.User) error {
Path: "/",
MaxAge: 3600 * 24 * 30,
HttpOnly: true,
SameSite: http.SameSiteStrictMode,
}
sess.Values[userIDContextKey] = user.ID
err := sess.Save(ctx.Request(), ctx.Response())
Expand Down
4 changes: 4 additions & 0 deletions server/server.go
Expand Up @@ -36,6 +36,10 @@ func NewServer(profile *profile.Profile) *Server {
`"status":${status},"error":"${error}"}` + "\n",
}))

e.Use(middleware.CSRFWithConfig(middleware.CSRFConfig{
TokenLookup: "cookie:_csrf",
}))

e.Use(middleware.CORS())

e.Use(middleware.TimeoutWithConfig(middleware.TimeoutConfig{
Expand Down

0 comments on commit c9bb2b7

Please sign in to comment.