Docker
/
linx-server
1
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity
Browse Source

short-circuit on origin header 

If the Origin header is present, we can check it and skip the other
checks.
pull/59/head
mutantmonkey 9 years ago
parent
0a1aa869e4
commit
a3723d3665
1 changed files with 3 additions and 2 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 5
      csrf.go

5
csrf.go
View File

@ -7,8 +7,9 @@ import (
func strictReferrerCheck(r *http.Request, prefix string, whitelistHeaders []string) bool { func strictReferrerCheck(r *http.Request, prefix string, whitelistHeaders []string) bool {
p := strings.TrimSuffix(prefix, "/") p := strings.TrimSuffix(prefix, "/")
if origin := r.Header.Get("Origin"); origin != "" && !strings.HasPrefix(origin, p) {
return false
if origin := r.Header.Get("Origin"); origin != "" {
// if there's an Origin header, check it and ignore the rest
return strings.HasPrefix(origin, p)
} }
for _, header := range whitelistHeaders { for _, header := range whitelistHeaders {

Write Preview
Loading…
Cancel
Save