mirror of
https://github.com/miniflux/v2.git
synced 2024-09-28 05:11:51 +02:00
Redirect to login page if CSRF token is expired
This will force the form to be populated with a valid token.
parent
e97ebfd8c2
commit
eaf1fc896f
@ -89,6 +89,12 @@ func (m *middleware) handleAppSession(next http.Handler) http.Handler {
|
||||
|
||||
if session.Data.CSRF != formValue && session.Data.CSRF != headerValue {
|
||||
logger.Error(`[UI:AppSession] Invalid or missing CSRF token: Form="%s", Header="%s"`, formValue, headerValue)
|
||||
|
||||
if mux.CurrentRoute(r).GetName() == "checkLogin" {
|
||||
html.Redirect(w, r, route.Path(m.router, "login"))
|
||||
return
|
||||
}
|
||||
|
||||
html.BadRequest(w, r, errors.New("Invalid or missing CSRF"))
|
||||
return
|
||||
}
|
||||
|
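Review bot: The new `mux.CurrentRoute(r).GetName()` call dereferences the route without a nil check, and `CurrentRoute` returns nil when the request has no matched route, so if this middleware can ever run on such a request a forged POST would panic the handler. A guarded form avoids that, using a name that does not shadow the `route` package called in the body: `if cur := mux.CurrentRoute(r); cur != nil && cur.GetName() == "checkLogin" {`. With this change an expired token on the login form becomes an expected path, yet the context line above still logs it at error level and writes the client-supplied form and header values with `%s`; `%q` would keep embedded newlines from forging log entries. The rest of `handleAppSession` lies outside the hunk, so how the middleware is attached to the router is not visible here.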