Implement CSRF protection for REST interface (fixes #287)

Jakob Borg
2014-06-04 21:20:07 +02:00
parent 028e9bc17a
commit 80c2b32b92
4 changed files with 120 additions and 1 deletions


@@ -105,6 +105,7 @@ func startGUI(cfg config.GUIConfiguration, assetDir string, m *model.Model) erro
router.Post("/rest/discovery/hint", restPostDiscoveryHint)
mr := martini.New()
mr.Use(csrfMiddleware)
if len(cfg.User) > 0 && len(cfg.Password) > 0 {
mr.Use(basic(cfg.User, cfg.Password))
}
@@ -114,6 +115,8 @@ func startGUI(cfg config.GUIConfiguration, assetDir string, m *model.Model) erro
mr.Action(router.Handle)
mr.Map(m)
loadCsrfTokens()
go http.Serve(listener, mr)
return nil
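Review bot: In the first hunk `mr.Use(csrfMiddleware)` is registered ahead of the conditional `mr.Use(basic(cfg.User, cfg.Password))`, so the CSRF handler sees every request before authentication has run. The body of csrfMiddleware is not in this view, but if it issues or records tokens, unauthenticated clients could obtain tokens or grow the token store. Consider registering it after the basic-auth block, or record the intent with a comment such as `// CSRF check runs before basic auth on purpose: <reason>`. In the second hunk `loadCsrfTokens()` is called with no visible result handling; if it can fail, a log line there would tell an operator that persisted tokens were not restored. The body of startGUI starts above the first hunk.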