
Blank referrers are allowed

pull/73/head
andreimarcu 9 years ago
parent
commit
9b724725b3
  1. 5
      csrf.go
  2. 2
      templates/400.html
  3. 2
      templates/401.html

5
csrf.go

@ -24,6 +24,11 @@ func strictReferrerCheck(r *http.Request, prefix string, whitelistHeaders []stri
} }
referrer := r.Header.Get("Referer") referrer := r.Header.Get("Referer")
if referrer == "" {
return true
}
u, _ := url.Parse(referrer) u, _ := url.Parse(referrer)
return sameOrigin(u, p) return sameOrigin(u, p)
} }
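Review bot: The added `if referrer == "" { return true }` branch makes strictReferrerCheck accept every request that arrives without a Referer header, and browsers omit that header under common referrer policies, so a cross-site request without it now passes a check that is named strict. If blank referrers have to be tolerated for clients that strip the header, consider limiting the pass to non-state-changing methods, e.g. `if referrer == "" { return r.Method == "GET" || r.Method == "HEAD" }`, or checking the `Origin` header before returning true. Which of these fits depends on the callers, which are not visible here. At minimum, a comment such as `// Blank Referer is accepted for clients that strip it; this weakens the CSRF check` would record the trade-off. The function begins outside the hunk, so whether the whitelistHeaders handling above already constrains this path cannot be confirmed from these lines.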

2
templates/400.html

@ -1,5 +1,7 @@
{% extends "base.html" %} {% extends "base.html" %}
{% block content %} {% block content %}
<div id="main">
400 Bad Request 400 Bad Request
</div>
{% endblock %} {% endblock %}

2
templates/401.html

@ -1,5 +1,7 @@
{% extends "base.html" %} {% extends "base.html" %}
{% block content %} {% block content %}
<div id="main">
401 Unauthorized 401 Unauthorized
</div>
{% endblock %} {% endblock %}