fix: GetCSRFToken() shouldn't fall back to the cookie

2025-12-26 17:28:10 +01:00
parent 566890f48f
commit 0802b9dd9d


@@ -37,19 +37,11 @@ func SetCSRFToken(w http.ResponseWriter, r *http.Request, token string) {
}
func GetCSRFToken(r *http.Request) string {
if token := strings.TrimSpace(r.FormValue(CSRFTokenFormName)); token != "" {
token := strings.TrimSpace(r.FormValue(CSRFTokenFormName))
if token == "" {
token = strings.TrimSpace(r.Header.Get(CSRFTokenHeaderName))
}
return token
}
if token := strings.TrimSpace(r.Header.Get(CSRFTokenHeaderName)); token != "" {
return token
}
if cookie, err := r.Cookie(CSRFTokenCookieName); err == nil {
return strings.TrimSpace(cookie.Value)
}
return ""
}
func ValidateCSRFToken(r *http.Request) bool {
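Review bot: `r.FormValue` on the new first line of GetCSRFToken also reads URL query parameters, so a token supplied in the query string is still accepted, and tokens carried in URLs tend to end up in access logs, browser history and Referer headers. If no caller depends on that, `token := strings.TrimSpace(r.PostFormValue(CSRFTokenFormName))` restricts the lookup to the request body. A doc comment would also help keep the cookie fallback from being reintroduced, for example `// GetCSRFToken returns the token submitted in the form body or header; the cookie is never consulted because the browser attaches it automatically.` ValidateCSRFToken starts on the last line of the hunk and its body is not visible, so whether it rejects the empty string now returned for cookie-only requests could not be checked here.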