13
3
Fork 0
Wiki Issues 89 resources competences Projects 8 Code Pull Requests Releases Activity
Browse Source

Fix invalid CSRF token bug, make sure CSRF tokens can be up-to-date (#19338) 

There was a bug that the CSRF token wouldn't in 24h. This fix just does what the CSRF function comment says: If this request is a GET request, it will generate a new token. Then the CSRF token can be kept up-to-date.
tags/v1.16.6
wxiaoguang 3 years ago committed by GitHub
parent
0704009dd7
commit
57c2ca7f26
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 1
      modules/context/csrf.go

1
modules/context/csrf.go
Unescape View File

@ -229,6 +229,7 @@ func Csrfer(opt CsrfOptions, ctx *Context) CSRF {
}
}
needsNew = needsNew || ctx.Req.Method == "GET" // If this request is a Get request, it will generate a new token, make sure the token is always up-to-date.
if needsNew {
// FIXME: actionId.
x.Token = GenerateToken(x.Secret, x.ID, "POST")

Write Preview
Loading…
Cancel
Save