Allow GET requests without CSRF
parent
b8bfc9b732
commit
d65bbf2113
|
@ -43,6 +43,12 @@ func csrfMiddleware(prefix string, next http.Handler) http.Handler {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if r.Method == "GET" {
|
||||||
|
// Allow GET requests unconditionally
|
||||||
|
next.ServeHTTP(w, r)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
// Verify the CSRF token
|
// Verify the CSRF token
|
||||||
token := r.Header.Get("X-CSRF-Token")
|
token := r.Header.Get("X-CSRF-Token")
|
||||||
if !validCsrfToken(token) {
|
if !validCsrfToken(token) {
|
||||||
|
|
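Review bot: The new early return at `if r.Method == "GET" {` skips token verification for every GET routed through csrfMiddleware, so it is only safe if no GET handler behind this middleware changes state. The added comment should record that assumption, for example `// GET handlers must stay side-effect free: these requests bypass CSRF verification`. The exact-match comparison also leaves HEAD still requiring a token, which is inconsistent with exempting read-only methods; `if r.Method == http.MethodGet || r.Method == http.MethodHead {` would cover both and use the net/http constants instead of a string literal. csrfMiddleware starts and ends outside the hunk, so what the preceding `return` guards, and whether any state-changing routes accept GET, cannot be confirmed from here.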