author | Brian Picciano <mediocregopher@gmail.com> | 2021-08-29 22:15:58 -0600 |
---|---|---|
committer | Brian Picciano <mediocregopher@gmail.com> | 2021-08-29 22:15:58 -0600 |
commit | 15ae483fadbd136acefcd602b2f2ac5a83165c73 (patch) | |
tree | 0f25ed1dd81e4fffeed6055dd02da48a567c8fb2 /srv/api/api.go | |
parent | 5746a510fc569fd464e46b646d4979a976ad769b (diff) |
add CSRF checking
Diffstat (limited to 'srv/api/api.go')
-rw-r--r-- | srv/api/api.go | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/srv/api/api.go b/srv/api/api.go
index 39d73d9..bbb677a 100644
--- a/srv/api/api.go
+++ b/srv/api/api.go
@@ -142,6 +142,8 @@ func (a *api) handler() http.Handler {
 staticHandler = httputil.NewSingleHostReverseProxy(a.params.StaticProxy)
 }
 
+ staticHandler = setCSRFMiddleware(staticHandler)
+
 // sugar
 requirePow := func(h http.Handler) http.Handler {
 return a.requirePowMiddleware(h)
@@ -163,7 +165,9 @@ func (a *api) handler() http.Handler {
 apiMux.Handle("/mailinglist/finalize", a.mailingListFinalizeHandler())
 apiMux.Handle("/mailinglist/unsubscribe", a.mailingListUnsubscribeHandler())
 
- apiHandler := logMiddleware(a.params.Logger, apiMux)
+ var apiHandler http.Handler = apiMux
+ apiHandler = checkCSRFMiddleware(apiHandler)
+ apiHandler = logMiddleware(a.params.Logger, apiHandler)
 apiHandler = annotateMiddleware(apiHandler)
 apiHandler = addResponseHeaders(map[string]string{
 "Cache-Control": "no-store, max-age=0",
|
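Review bot: Nothing at the added `staticHandler = setCSRFMiddleware(staticHandler)` line says that it is the issuing half of the check the second hunk adds to apiHandler, so a later refactor could drop one side without noticing. A one-line comment above it would record the pairing, for example `// issue the CSRF token with static content; checkCSRFMiddleware on the API mux verifies it`. Because staticHandler may be the reverse proxy built in the branch just above, it is worth confirming in setCSRFMiddleware (not shown in this diff) that the token is also attached to proxied responses and is generated from a cryptographically secure source. handler() starts and ends outside the hunk.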
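Review bot: checkCSRFMiddleware now wraps the whole apiMux, so whether `/mailinglist/finalize` and `/mailinglist/unsubscribe` are actually protected depends on which HTTP methods the middleware inspects, and its body is not part of this diff. If it skips safe methods such as GET, the state-changing handlers should themselves reject GET; if it checks every method, any route meant to be reachable without a prior static page load would start failing. The ordering looks deliberate and deserves a comment, for example `// checkCSRFMiddleware sits inside logMiddleware, so rejected requests still pass through the logger`. handler() continues outside the hunk.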