perso/syncthing-arm
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Allow GET requests without CSRF

Browse Source
This commit is contained in:
Jakob Borg
2014-08-02 08:19:10 +02:00
parent b8bfc9b732
commit d65bbf2113
1 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
cmd/syncthing/gui_csrf.go
View File

@@ -43,6 +43,12 @@ func csrfMiddleware(prefix string, next http.Handler) http.Handler {
return
}
if r.Method == "GET" {
// Allow GET requests unconditionally
next.ServeHTTP(w, r)
return
}
// Verify the CSRF token
token := r.Header.Get("X-CSRF-Token")
if !validCsrfToken(token) {