authorBrian Picciano <mediocregopher@gmail.com>2021-09-02 17:02:20 -0600
committerBrian Picciano <mediocregopher@gmail.com>2021-09-02 17:02:20 -0600
commit34f44cb5d5d6316009f242d27d2f3d69f4d5b90e (patch)
tree116a6e2db06dac246e794d1bc7f9e8b0c04f22e9 /srv/api/csrf.go
parent6bebc3fae73b5f5f68e5de9e083635cfab9037b1 (diff)
implementation of basic chat page which can show history and not much else
Diffstat (limited to 'srv/api/csrf.go')
-rw-r--r--srv/api/csrf.go8
1 files changed, 7 insertions, 1 deletions
diff --git a/srv/api/csrf.go b/srv/api/csrf.go
index 0802d8a..13b6ec6 100644
--- a/srv/api/csrf.go
+++ b/srv/api/csrf.go
@@ -41,8 +41,14 @@ func checkCSRFMiddleware(h http.Handler) http.Handler {
if err != nil {
apiutils.InternalServerError(rw, r, err)
return
+ }
+
+ givenCSRFTok := r.Header.Get(csrfTokenHeaderName)
+ if givenCSRFTok == "" {
+ givenCSRFTok = r.FormValue("csrfToken")
+ }
- } else if csrfTok == "" || r.Header.Get(csrfTokenHeaderName) != csrfTok {
+ if csrfTok == "" || givenCSRFTok != csrfTok {
apiutils.BadRequest(rw, r, errors.New("invalid CSRF token"))
return
}
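Review bot: The new fallback `r.FormValue("csrfToken")` also reads the URL query string, so the token can be supplied as a query parameter and end up in access logs, browser history and Referer headers; `givenCSRFTok = r.PostFormValue("csrfToken")` would restrict the fallback to the request body. The check `givenCSRFTok != csrfTok` compares a secret with an ordinary string comparison; `subtle.ConstantTimeCompare([]byte(givenCSRFTok), []byte(csrfTok)) != 1` is the usual form, and it needs `crypto/subtle` in the file's imports, which are not visible here. The field name `"csrfToken"` is a bare literal next to the named `csrfTokenHeaderName`, so a matching constant would keep the two in one place. The body of checkCSRFMiddleware starts and ends outside the hunk, so where `csrfTok` comes from and which request methods reach this check cannot be confirmed from these lines.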