Kharec/goyco
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: only skip CSRF for /api/ routes with Bearer tokens

Browse Source
This commit is contained in:
Sandro CURY CAZZANIGA
2026-04-23 13:34:43 +02:00
parent ab17ff8b79
commit 5fc208c9da
1 changed files with 6 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
internal/middleware/csrf.go
+6 -1
View File
@@ -71,7 +71,7 @@ func CSRFMiddleware() func(http.Handler) http.Handler {
return return
} }
if strings.HasPrefix(r.URL.Path, "/api/") { if strings.HasPrefix(r.URL.Path, "/api/") && hasBearerToken(r) {
next.ServeHTTP(w, r) next.ServeHTTP(w, r)
return return
} }
@@ -86,6 +86,11 @@ func CSRFMiddleware() func(http.Handler) http.Handler {
} }
} }
func hasBearerToken(r *http.Request) bool {
auth := strings.TrimSpace(r.Header.Get("Authorization"))
return strings.HasPrefix(auth, "Bearer ")
}
func IsHTTPS(r *http.Request) bool { func IsHTTPS(r *http.Request) bool {
if r.TLS != nil { if r.TLS != nil {
return true return true