authorBrian Picciano <mediocregopher@gmail.com>2022-05-24 17:42:00 -0600
committerBrian Picciano <mediocregopher@gmail.com>2022-05-24 17:42:00 -0600
commit08811a6da78c3f1f973b8f50a337ff4dc4ed9e2c (patch)
tree3fc8fa9025dbdc8099ea145e232f8b25547204b5 /srv/src/http/api.go
parent159638084e167047b86fd65382f50cd099d4eb48 (diff)
Replace CSRF token checking with Referer checking
Diffstat (limited to 'srv/src/http/api.go')
-rw-r--r--srv/src/http/api.go5
1 files changed, 1 insertions, 4 deletions
diff --git a/srv/src/http/api.go b/srv/src/http/api.go
index da54c9c..4143200 100644
--- a/srv/src/http/api.go
+++ b/srv/src/http/api.go
@@ -164,8 +164,6 @@ func (a *api) Shutdown(ctx context.Context) error {
func (a *api) apiHandler() http.Handler {
mux := http.NewServeMux()
- mux.Handle("/csrf", a.getCSRFTokenHandler())
-
mux.Handle("/pow/challenge", a.newPowChallengeHandler())
mux.Handle("/pow/check",
a.requirePowMiddleware(
@@ -250,11 +248,10 @@ func (a *api) handler() http.Handler {
h := apiutil.MethodMux(map[string]http.Handler{
"GET": applyMiddlewares(
mux,
- setCSRFMiddleware,
),
"*": applyMiddlewares(
mux,
- checkCSRFMiddleware,
+ a.checkCSRFMiddleware,
addResponseHeadersMiddleware(map[string]string{
"Cache-Control": "no-store, max-age=0",
"Pragma": "no-cache",
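Review bot: The `"*"` branch now relies solely on `a.checkCSRFMiddleware`, whose body is outside this hunk, so the Referer comparison itself cannot be reviewed here. It is worth confirming that it parses the header and compares the host exactly against the site's own host rather than by prefix or substring, and that a request carrying no Referer (some clients and Referrer-Policy settings strip it) is rejected rather than allowed through. The `"GET"` branch now runs with no middleware at all, so the protection holds only while no handler on `mux` changes state on GET. I would record that above the `"*"` entry with a comment such as `// Non-GET requests must carry a same-site Referer; GET handlers must stay side-effect free.` The body of handler() continues outside the hunk.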