Redirect to login page if CSRF token is expired

This will force the form to be populated with a valid token.
Frédéric Guillot 2020-08-09 13:16:57 -07:00
parent e97ebfd8c2
commit eaf1fc896f
1 changed files with 6 additions and 0 deletions


@ -89,6 +89,12 @@ func (m *middleware) handleAppSession(next http.Handler) http.Handler {
if session.Data.CSRF != formValue && session.Data.CSRF != headerValue {
logger.Error(`[UI:AppSession] Invalid or missing CSRF token: Form="%s", Header="%s"`, formValue, headerValue)
if mux.CurrentRoute(r).GetName() == "checkLogin" {
html.Redirect(w, r, route.Path(m.router, "login"))
return
}
html.BadRequest(w, r, errors.New("Invalid or missing CSRF"))
return
}
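Review bot: The new `checkLogin` branch sits after the `logger.Error` call, so an expired login form, which this commit treats as an expected condition, is still recorded at Error level alongside genuine CSRF failures, making the real ones harder to spot in the logs. Consider moving the `checkLogin` check above the log call, or logging that case at a lower level. That log line also writes the request-supplied `formValue` and `headerValue` with `"%s"`; using `%q` would escape quotes and line breaks so a crafted value cannot forge log entries. The redirect itself keeps the protection intact as far as the hunk shows: it returns before the rest of the handler and the target comes from `route.Path(m.router, "login")`, not from the request. A short comment such as `// Expired token on the login form: redirect so the form is re-rendered with a fresh token.` would document why this one route is not answered with a 400. The body of `handleAppSession` starts and ends outside the hunk.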