blackroad-os/backroad
9
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(csrf): disable csrf secure cookie EE-6787 (#11300)

Browse Source
This commit is contained in:
cmeng
2024-03-13 11:22:11 +13:00
committed by GitHub
parent 506ee389e3
commit a2a4c85f2d
1 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
api/http/csrf/csrf.go
View File

@@ -21,7 +21,11 @@ func WithProtect(handler http.Handler) (http.Handler, error) {
return nil, fmt.Errorf("failed to generate CSRF token: %w", err)
}
handler = gorillacsrf.Protect([]byte(token), gorillacsrf.Path("/"))(handler)
handler = gorillacsrf.Protect(
[]byte(token),
gorillacsrf.Path("/"),
gorillacsrf.Secure(false),
)(handler)
return withSkipCSRF(handler), nil
}