Diffstat (limited to 'srv/api/csrf.go')
-rw-r--r-- | srv/api/csrf.go | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/srv/api/csrf.go b/srv/api/csrf.go
index 0802d8a..13b6ec6 100644
--- a/srv/api/csrf.go
+++ b/srv/api/csrf.go
@@ -41,8 +41,14 @@ func checkCSRFMiddleware(h http.Handler) http.Handler {
 if err != nil {
 apiutils.InternalServerError(rw, r, err)
 return
+ }
+
+ givenCSRFTok := r.Header.Get(csrfTokenHeaderName)
+ if givenCSRFTok == "" {
+ givenCSRFTok = r.FormValue("csrfToken")
+ }
- } else if csrfTok == "" || r.Header.Get(csrfTokenHeaderName) != csrfTok {
+ if csrfTok == "" || givenCSRFTok != csrfTok {
 apiutils.BadRequest(rw, r, errors.New("invalid CSRF token"))
 return
 } |
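Review bot: The form fallback `r.FormValue("csrfToken")` also reads the URL query string, so a token sent as a query parameter is accepted and can end up in access logs, browser history and Referer headers; `givenCSRFTok = r.PostFormValue("csrfToken")` limits the fallback to the request body. Either call parses the body inside the middleware, so if no size limit is applied before this point (not visible here) it is worth wrapping the body with `http.MaxBytesReader` first, and downstream handlers that read `r.Body` directly will find a form-encoded body already consumed. The comparison `givenCSRFTok != csrfTok` could use `subtle.ConstantTimeCompare` so the result does not depend on how many leading bytes match. checkCSRFMiddleware begins before and continues after this hunk, so how `csrfTok` is obtained is not shown.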