
Blank referrers are allowed

pull/73/head
andreimarcu 9 years ago
parent
commit
9b724725b3
  1. 5
      csrf.go
  2. 4
      templates/400.html
  3. 4
      templates/401.html

5
csrf.go

@ -24,6 +24,11 @@ func strictReferrerCheck(r *http.Request, prefix string, whitelistHeaders []stri
} }
referrer := r.Header.Get("Referer") referrer := r.Header.Get("Referer")
if referrer == "" {
return true
}
u, _ := url.Parse(referrer) u, _ := url.Parse(referrer)
return sameOrigin(u, p) return sameOrigin(u, p)
} }
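Review bot: The added `if referrer == "" { return true }` branch makes `strictReferrerCheck` pass for any request that carries no `Referer` header, and because a cross-origin page can cause the browser to omit that header, the check no longer rejects cross-site requests that arrive without one. If blank referrers must be accepted for clients that strip the header, narrow the allowance instead of returning `true` unconditionally, for example by consulting `Origin` when it is present or by accepting a blank referrer only for safe methods: `if referrer == "" { return r.Method == "GET" || r.Method == "HEAD" }`. Whichever is chosen, the branch should carry a comment recording the trade-off, such as `// Blank Referer accepted for clients that strip it; weakens CSRF protection for such requests.` The function begins above the hunk, so how the `whitelistHeaders` path interacts with this branch is not visible here. The discarded error from `url.Parse` on the following context line is also worth handling, since `url.Parse` returns a nil URL on failure and what `sameOrigin` does with it cannot be seen from this hunk.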

4
templates/400.html

@ -1,5 +1,7 @@
{% extends "base.html" %} {% extends "base.html" %}
{% block content %} {% block content %}
400 Bad Request
<div id="main">
400 Bad Request
</div>
{% endblock %} {% endblock %}

4
templates/401.html

@ -1,5 +1,7 @@
{% extends "base.html" %} {% extends "base.html" %}
{% block content %} {% block content %}
401 Unauthorized
<div id="main">
401 Unauthorized
</div>
{% endblock %} {% endblock %}