author | Brian Picciano <mediocregopher@gmail.com> | 2022-11-29 22:20:34 +0100 |
---|---|---|
committer | Brian Picciano <mediocregopher@gmail.com> | 2022-11-29 22:20:34 +0100 |
commit | 4878495914fb9701bedc242eb5087394138c8ee3 (patch) | |
tree | c69e057b09f8a270211e17fe6680058d14af6a63 | |
parent | 16579fdf7f4c089b872863400dc0368c6bb5911d (diff) |
Don't check CSRF for manage and edit methods
-rw-r--r-- | src/http/api.go | 18 |
1 files changed, 10 insertions, 8 deletions
diff --git a/src/http/api.go b/src/http/api.go
index 480f826..ffe0f25 100644
--- a/src/http/api.go
+++ b/src/http/api.go
@@ -262,19 +262,21 @@ func (a *api) handler() http.Handler {
 
 mux.Handle("/", a.blogHandler())
 
+ noCacheMiddleware := addResponseHeadersMiddleware(map[string]string{
+ "Cache-Control": "no-store, max-age=0",
+ "Pragma": "no-cache",
+ "Expires": "0",
+ })
+
 h := applyMiddlewares(
 apiutil.MethodMux(map[string]http.Handler{
- "GET": applyMiddlewares(
- mux,
- ),
+ "GET": applyMiddlewares(mux),
+ "MANAGE": applyMiddlewares(mux, noCacheMiddleware),
+ "EDIT": applyMiddlewares(mux, noCacheMiddleware),
 "*": applyMiddlewares(
 mux,
 a.checkCSRFMiddleware,
- addResponseHeadersMiddleware(map[string]string{
- "Cache-Control": "no-store, max-age=0",
- "Pragma": "no-cache",
- "Expires": "0",
- }),
+ noCacheMiddleware,
 ),
 }),
 setLoggerMiddleware(a.params.Logger), |
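Review bot: The new `"MANAGE"` and `"EDIT"` entries run without `a.checkCSRFMiddleware`, and nothing in the code records why that is safe. Skipping the check is sound only while every handler reachable through these two methods is read-only, as with `"GET"`, and while `apiutil.MethodMux` (not visible in this hunk) takes the method from the request line alone; if it also honours a form or query override, a cross-site form POST could select `MANAGE` or `EDIT` and reach `mux` unchecked. I would add a comment above the two entries, such as `// MANAGE and EDIT must stay side-effect free: like GET they bypass checkCSRFMiddleware.` The body of `handler()` starts and ends outside the hunk, so the handlers registered on `mux` should be checked against that rule separately.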