perso/syncthing-arm
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Implement API keys

Browse Source
This commit is contained in:
Jakob Borg
2014-06-04 22:00:55 +02:00
parent 80c2b32b92
commit 20a018db2e
6 changed files with 36 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
cmd/syncthing/gui_csrf.go
View File

@@ -22,6 +22,9 @@ var csrfMut sync.Mutex
// the request with 403. For / and /index.html, set a new CSRF cookie if none
// is currently set.
func csrfMiddleware(w http.ResponseWriter, r *http.Request) {
if validAPIKey(r.Header.Get("X-API-Key")) {
return
}
if strings.HasPrefix(r.URL.Path, "/rest/") {
token := r.Header.Get("X-CSRF-Token")
if !validCsrfToken(token) {