Browse Source

short-circuit on origin header

If the Origin header is present, we can check it and skip the other
checks.
pull/59/head
mutantmonkey 9 years ago
parent
commit
a3723d3665
  1. 5
      csrf.go

5
csrf.go

@ -7,8 +7,9 @@ import (
func strictReferrerCheck(r *http.Request, prefix string, whitelistHeaders []string) bool { func strictReferrerCheck(r *http.Request, prefix string, whitelistHeaders []string) bool {
p := strings.TrimSuffix(prefix, "/") p := strings.TrimSuffix(prefix, "/")
if origin := r.Header.Get("Origin"); origin != "" && !strings.HasPrefix(origin, p) {
return false
if origin := r.Header.Get("Origin"); origin != "" {
// if there's an Origin header, check it and ignore the rest
return strings.HasPrefix(origin, p)
} }
for _, header := range whitelistHeaders { for _, header := range whitelistHeaders {

Loading…
Cancel
Save