perso/syncthing-arm
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

cmd/syncthing: Enforce stricter CSRF policy on /rest GET requests (fixes #3134)

Browse Source 
GitHub-Pull-Request: https://github.com/syncthing/syncthing/pull/3137
This commit is contained in:
Jakob Borg
2016-05-21 13:48:55 +00:00
committed by Audrius Butkevicius
parent cff9bbc9c5
commit bf7fcc612d
3 changed files with 85 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
cmd/syncthing/gui.go
View File

@@ -461,10 +461,6 @@ func corsMiddleware(next http.Handler) http.Handler {
//
// See https://www.w3.org/TR/cors/ for details.
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
// Add a generous access-control-allow-origin header since we may be
// redirecting REST requests over protocols
w.Header().Add("Access-Control-Allow-Origin", "*")
// Process OPTIONS requests
if r.Method == "OPTIONS" {
// Only GET/POST Methods are supported