summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBrian Picciano <mediocregopher@gmail.com>2022-11-29 22:20:34 +0100
committerBrian Picciano <mediocregopher@gmail.com>2022-11-29 22:20:34 +0100
commit4878495914fb9701bedc242eb5087394138c8ee3 (patch)
treec69e057b09f8a270211e17fe6680058d14af6a63
parent16579fdf7f4c089b872863400dc0368c6bb5911d (diff)
Don't check CSRF for manage and edit methods
-rw-r--r--src/http/api.go18
1 files changed, 10 insertions, 8 deletions
diff --git a/src/http/api.go b/src/http/api.go
index 480f826..ffe0f25 100644
--- a/src/http/api.go
+++ b/src/http/api.go
@@ -262,19 +262,21 @@ func (a *api) handler() http.Handler {
mux.Handle("/", a.blogHandler())
+ noCacheMiddleware := addResponseHeadersMiddleware(map[string]string{
+ "Cache-Control": "no-store, max-age=0",
+ "Pragma": "no-cache",
+ "Expires": "0",
+ })
+
h := applyMiddlewares(
apiutil.MethodMux(map[string]http.Handler{
- "GET": applyMiddlewares(
- mux,
- ),
+ "GET": applyMiddlewares(mux),
+ "MANAGE": applyMiddlewares(mux, noCacheMiddleware),
+ "EDIT": applyMiddlewares(mux, noCacheMiddleware),
"*": applyMiddlewares(
mux,
a.checkCSRFMiddleware,
- addResponseHeadersMiddleware(map[string]string{
- "Cache-Control": "no-store, max-age=0",
- "Pragma": "no-cache",
- "Expires": "0",
- }),
+ noCacheMiddleware,
),
}),
setLoggerMiddleware(a.params.Logger),