Skip to content

Commit

Permalink
fix XSRF
Browse files Browse the repository at this point in the history
  • Loading branch information
@andeya
andeya committed Apr 9, 2018
1 parent b97d794 commit 4ea7f27
Showing 1 changed file with 4 additions and 3 deletions.
7 changes: 4 additions & 3 deletions context.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -178,15 +178,16 @@ func (ctx *Context) checkXSRFCookie() bool {
return true
}
token := ctx.BizParam("_xsrf")
if token == "" {
token = ctx.CookieParam("_xsrf")
}
if token == "" {
token = ctx.R.Header.Get("X-Xsrftoken")
}
if token == "" {
token = ctx.R.Header.Get("X-Csrftoken")
}
// default cookie value
if token == "" {
token, _ = ctx.SecureCookieParam(ctx.frame.config.XSRF.Key, "_xsrf")
}
if token == "" {
ctx.Error(403, "'_xsrf' argument missing from POST")
return false
Expand Down

0 comments on commit 4ea7f27

Please sign in to comment.