fix missing csrf cookie
orvice authored and developStorm committed Aug 22, 2022
1 parent ac6a32a commit 0d65dea
Showing 1 changed file with 5 additions and 10 deletions.
15 changes: 5 additions & 10 deletions internal/server.go
@@ -233,20 +233,15 @@ func (s *Server) authRedirect(logger *logrus.Entry, w http.ResponseWriter, r *ht
return
}

var setCsrfCookie = true
var csrf *http.Cookie
// Check for existing CSRF cookie
// clean existing CSRF cookie
for _, v := range r.Cookies() {
if strings.Contains(v.Name, config.CSRFCookieName) {
setCsrfCookie = false
http.SetCookie(w, ClearCSRFCookie(r, v))
}
}

if setCsrfCookie {
// Set the CSRF cookie
csrf := MakeCSRFCookie(r, nonce)
http.SetCookie(w, csrf)
}
// Set the CSRF cookie
csrf := MakeCSRFCookie(r, nonce)
http.SetCookie(w, csrf)

if !config.InsecureCookie && r.Header.Get("X-Forwarded-Proto") != "https" {
logger.Warn("You are using \"secure\" cookies for a request that was not " +
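Review bot: The cookie-name test in the cleanup loop, `strings.Contains(v.Name, config.CSRFCookieName)`, is a substring match on client-supplied cookie names, and in the new code every match produces an expiring Set-Cookie, so an unrelated cookie whose name merely contains the configured name would be targeted too. If CSRF cookies are named with `config.CSRFCookieName` as a prefix (MakeCSRFCookie is not visible in this hunk, so this needs confirming), the check should be `if strings.HasPrefix(v.Name, config.CSRFCookieName) {`. Expiring every existing CSRF cookie also means a login started in a second tab invalidates the first tab's pending callback; if that is intended, a comment such as `// only one pending login per browser: older CSRF cookies are expired` would record the decision. authRedirect begins and ends outside the hunk.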