toby3d/auth
toby3d
/
auth
1
0
Fork 0
Code Actions Packages Releases Activity

🔒 Delete CSRF cookie in auth HTTP API route

This commit is contained in:
Maxim Lebedev 2022-02-18 00:12:46 +05:00
parent fabd29c8c5
commit 6867e41fdf
Signed by: toby3d
GPG Key ID: 1F14E25B7C119FC5
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
internal/auth/delivery/http/auth_http.go
View File

@ -240,6 +240,7 @@ func (h *RequestHandler) handleAuthorize(ctx *http.RequestCtx) {
func (h *RequestHandler) handleVerify(ctx *http.RequestCtx) {
ctx.Response.Header.Set(http.HeaderAccessControlAllowOrigin, h.config.Server.Domain)
ctx.SetContentType(common.MIMEApplicationJSONCharsetUTF8)
ctx.Request.Header.DelCookie("__Secure-csrf")
encoder := json.NewEncoder(ctx)