From 34f44cb5d5d6316009f242d27d2f3d69f4d5b90e Mon Sep 17 00:00:00 2001
From: Brian Picciano
Date: Thu, 2 Sep 2021 17:02:20 -0600
Subject: implementation of basic chat page which can show history and not much else
---
 srv/api/csrf.go | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
(limited to 'srv/api/csrf.go')
diff --git a/srv/api/csrf.go b/srv/api/csrf.go
index 0802d8a..13b6ec6 100644
--- a/srv/api/csrf.go
+++ b/srv/api/csrf.go
@@ -41,8 +41,14 @@ func checkCSRFMiddleware(h http.Handler) http.Handler {
 if err != nil {
 apiutils.InternalServerError(rw, r, err)
 return
+ }
+
+ givenCSRFTok := r.Header.Get(csrfTokenHeaderName)
+ if givenCSRFTok == "" {
+ givenCSRFTok = r.FormValue("csrfToken")
+ }
- } else if csrfTok == "" || r.Header.Get(csrfTokenHeaderName) != csrfTok {
+ if csrfTok == "" || givenCSRFTok != csrfTok {
 apiutils.BadRequest(rw, r, errors.New("invalid CSRF token"))
 return
 }
--
cgit v1.2.3
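Review bot: The new fallback `r.FormValue("csrfToken")` also reads the URL query string, so a token sent as a query parameter is accepted and can end up in access logs, browser history and Referer headers; `givenCSRFTok = r.PostFormValue("csrfToken")` would restrict the fallback to the request body. The check `givenCSRFTok != csrfTok` is not a constant-time comparison; the usual form is `subtle.ConstantTimeCompare([]byte(givenCSRFTok), []byte(csrfTok)) != 1`, which needs `crypto/subtle` in the import block that lies outside this hunk. The form field name is a bare literal while the header name is the constant `csrfTokenHeaderName`, so a matching constant would keep both names in one place. Either form accessor parses the request body inside the middleware and discards the parse error; the rest of checkCSRFMiddleware and the handlers behind it are outside the hunk, so whether a body size limit is applied before this point should be confirmed.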