From 08811a6da78c3f1f973b8f50a337ff4dc4ed9e2c Mon Sep 17 00:00:00 2001
From: Brian Picciano
Date: Tue, 24 May 2022 17:42:00 -0600
Subject: Replace CSRF token checking with Referer checking
---
 srv/src/http/tpl.go | 18 ++----------------
 1 file changed, 2 insertions(+), 16 deletions(-)
(limited to 'srv/src/http/tpl.go')
diff --git a/srv/src/http/tpl.go b/srv/src/http/tpl.go
index 8654569..fb0f5bd 100644
--- a/srv/src/http/tpl.go
+++ b/srv/src/http/tpl.go
@@ -5,7 +5,6 @@ import (
 "fmt"
 "html/template"
 "io/fs"
- "log"
 "net/http"
 "path/filepath"
 "strings"
@@ -100,21 +99,12 @@ func (a *api) mustParseTpl(name string) *template.Template {

 func (a *api) mustParseBasedTpl(name string) *template.Template {
 tpl := a.mustParseTpl(name)
- tpl = template.Must(tpl.New("load-csrf.html").Parse(mustReadTplFile("load-csrf.html")))
 tpl = template.Must(tpl.New("base.html").Parse(mustReadTplFile("base.html")))
 return tpl
 }

 type tplData struct {
- Payload interface{}
- CSRFToken string
-}
-
-func (t tplData) CSRFFormInput() template.HTML {
- return template.HTML(fmt.Sprintf(
- ``,
- csrfTokenFormName,
- ))
+ Payload interface{}
 }

 // executeTemplate expects to be the final action in an http.Handler
@@ -123,11 +113,8 @@ func executeTemplate(
 tpl *template.Template,
 payload interface{},
 ) {
- csrfToken, _ := apiutil.GetCookie(r, csrfTokenCookieName, "")
-
 tplData := tplData{
- Payload: payload,
- CSRFToken: csrfToken,
+ Payload: payload,
 }

 if err := tpl.Execute(rw, tplData); err != nil {
@@ -141,7 +128,6 @@ func executeTemplate(
 func (a *api) executeRedirectTpl(
 rw http.ResponseWriter, r *http.Request, url string,
 ) {
- log.Printf("here url:%q", url)
 executeTemplate(rw, r, a.redirectTpl, struct {
 URL string
 }{
--
cgit v1.2.3
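Review bot: In the `type tplData struct` hunk, dropping `CSRFToken` and `CSRFFormInput()` removes names that templates resolve only at execution time, so a leftover `{{ .CSRFFormInput }}` or `{{ template "load-csrf.html" . }}` in any template file would not fail the build and would surface only as a render error on that page. The template files and the Referer check are outside this page (it is limited to tpl.go), so both should be confirmed in the same change: no template still references the removed names, and the new check rejects state-changing requests whose Referer header is missing or unparseable instead of passing them. A short comment on the struct would record where the protection moved, e.g. `// tplData no longer carries a CSRF token; form protection relies on the Referer check.` The same removal continues in the `executeTemplate` hunk.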
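Review bot: With a single field left, the local `tplData := tplData{...}` in the `executeTemplate` hunk now only shadows its own type name; passing the literal directly reads more clearly: `if err := tpl.Execute(rw, tplData{Payload: payload}); err != nil {`. The removed `GetCookie` call was the only use of `r` among the lines shown, so the parameter may now be unused. The function's signature and the rest of its body are outside the hunk, so check the remaining body before dropping it.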