From 08811a6da78c3f1f973b8f50a337ff4dc4ed9e2c Mon Sep 17 00:00:00 2001
From: Brian Picciano
Date: Tue, 24 May 2022 17:42:00 -0600
Subject: Replace CSRF token checking with Referer checking
---
 srv/src/http/api.go | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)
(limited to 'srv/src/http/api.go')
diff --git a/srv/src/http/api.go b/srv/src/http/api.go
index da54c9c..4143200 100644
--- a/srv/src/http/api.go
+++ b/srv/src/http/api.go
@@ -164,8 +164,6 @@ func (a *api) Shutdown(ctx context.Context) error {
 func (a *api) apiHandler() http.Handler {
 mux := http.NewServeMux()
- mux.Handle("/csrf", a.getCSRFTokenHandler())
-
 mux.Handle("/pow/challenge", a.newPowChallengeHandler())
 mux.Handle("/pow/check", a.requirePowMiddleware(
@@ -250,11 +248,10 @@ func (a *api) handler() http.Handler {
 h := apiutil.MethodMux(map[string]http.Handler{
 "GET": applyMiddlewares(
 mux,
- setCSRFMiddleware,
 ),
 "*": applyMiddlewares(
 mux,
- checkCSRFMiddleware,
+ a.checkCSRFMiddleware,
 addResponseHeadersMiddleware(map[string]string{
 "Cache-Control": "no-store, max-age=0",
 "Pragma": "no-cache",
--
cgit v1.2.3
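Review bot: Nothing at the `a.checkCSRFMiddleware` call site in the `"*"` branch of handler() states what the Referer check accepts, and its definition is outside this path-limited patch, although it is now the only CSRF defence for non-GET requests. I would add a comment above that line such as `// rejects requests whose Referer is absent or whose parsed scheme+host is not this server's own origin`, and confirm that the implementation really fails closed on a missing header and compares the parsed host exactly rather than by string prefix. The `"GET"` branch is left as `applyMiddlewares(mux)` with no middleware, so it still relies on every GET route being free of side effects. If `applyMiddlewares` with no arguments is the identity (not visible here), `"GET": mux,` would say the same thing more directly. handler()'s body continues outside the hunk.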