🔒 Improved CSRF middleware configuration
This commit is contained in:
parent
e463a437ee
commit
98b6d77dc1
|
@ -123,13 +123,15 @@ func (h *RequestHandler) Register(r *router.Router) {
|
|||
chain := middleware.Chain{
|
||||
middleware.CSRFWithConfig(middleware.CSRFConfig{
|
||||
Skipper: func(ctx *http.RequestCtx) bool {
|
||||
return ctx.IsPost() && string(ctx.Path()) == "/authorize"
|
||||
matched, _ := path.Match("/authorize*", string(ctx.Path()))
|
||||
|
||||
return ctx.IsPost() && matched
|
||||
},
|
||||
CookieMaxAge: 0,
|
||||
CookieSameSite: http.CookieSameSiteStrictMode,
|
||||
ContextKey: "",
|
||||
CookieDomain: "",
|
||||
CookieName: "_csrf",
|
||||
ContextKey: "csrf",
|
||||
CookieDomain: h.config.Server.Domain,
|
||||
CookieName: "__Secure-csrf",
|
||||
CookiePath: "",
|
||||
TokenLookup: "form:_csrf",
|
||||
TokenLength: 0,
|
||||
|
@ -226,6 +228,7 @@ func (h *RequestHandler) handleRender(ctx *http.RequestCtx) {
|
|||
}
|
||||
|
||||
func (h *RequestHandler) handleVerify(ctx *http.RequestCtx) {
|
||||
ctx.Response.Header.Set(http.HeaderAccessControlAllowOrigin, h.config.Server.Domain)
|
||||
ctx.SetContentType(common.MIMEApplicationJSONCharsetUTF8)
|
||||
|
||||
encoder := json.NewEncoder(ctx)
|
||||
|
@ -399,6 +402,7 @@ func NewAuthVerifyRequest() *AuthVerifyRequest {
|
|||
}
|
||||
}
|
||||
|
||||
//nolint: funlen
|
||||
func (r *AuthVerifyRequest) bind(ctx *http.RequestCtx) error {
|
||||
indieAuthError := new(domain.Error)
|
||||
|
||||
|
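Review bot: The CSRF cookie renamed to `__Secure-csrf` at the `CookieName` line is only accepted by browsers when it carries the `Secure` attribute, and nothing in this config sets one — if `CSRFConfig` has a `CookieSecure` (or similar) field it should be set here, otherwise confirm that the middleware forces `Secure` for `__Secure-`-prefixed names. Setting `CookieDomain: h.config.Server.Domain` also changes the cookie from host-only to shared with every subdomain of that value, and the same value is written as `Access-Control-Allow-Origin` in the `handleVerify` hunk; a cookie `Domain` must be a bare host while an allowed origin must include the scheme, so one of the two uses is presumably receiving the wrong format and the config field deserves a comment saying which it holds. The `Skipper` now exempts any POST whose path matches `/authorize*`, which covers `/authorizeanything` but not `/authorize/...`; if the intent is a fixed set of paths, a `switch` on the exact path is safer than a glob and removes the discarded `path.Match` error. `Register` starts and ends outside the hunk.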
|
|
@ -65,10 +65,10 @@ func (h *RequestHandler) Register(r *router.Router) {
|
|||
return ctx.IsPost() && matched
|
||||
},
|
||||
CookieMaxAge: 0,
|
||||
CookieSameSite: http.CookieSameSiteLaxMode,
|
||||
CookieSameSite: http.CookieSameSiteStrictMode,
|
||||
ContextKey: "csrf",
|
||||
CookieDomain: "",
|
||||
CookieName: "_csrf",
|
||||
CookieDomain: h.config.Server.Domain,
|
||||
CookieName: "__Secure-csrf",
|
||||
CookiePath: "",
|
||||
TokenLookup: "form:_csrf",
|
||||
TokenLength: 0,
|
||||
|
@ -88,7 +88,8 @@ func (h *RequestHandler) Register(r *router.Router) {
|
|||
SigningMethod: jwa.SignatureAlgorithm(h.config.JWT.Algorithm),
|
||||
Skipper: middleware.DefaultSkipper,
|
||||
SuccessHandler: nil,
|
||||
TokenLookup: middleware.SourceHeader + ":" + http.HeaderAuthorization,
|
||||
TokenLookup: middleware.SourceHeader + ":" + http.HeaderAuthorization +
|
||||
"," + middleware.SourceCookie + ":" + "__Secure-auth-token",
|
||||
}),
|
||||
middleware.LogFmt(),
|
||||
}
|
||||
|
@ -117,6 +118,7 @@ func (h *RequestHandler) handleRender(ctx *http.RequestCtx) {
|
|||
}
|
||||
|
||||
func (h *RequestHandler) handleSend(ctx *http.RequestCtx) {
|
||||
ctx.Response.Header.Set(http.HeaderAccessControlAllowOrigin, h.config.Server.Domain)
|
||||
ctx.SetContentType(common.MIMEApplicationJSONCharsetUTF8)
|
||||
ctx.SetStatusCode(http.StatusOK)
|
||||
|
||||
|
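Review bot: Reading the JWT from the `__Secure-auth-token` cookie (the new `TokenLookup` line) means a request on this router can now be authenticated by the browser attaching a cookie, so a cross-site form post or top-level navigation can carry credentials that the previous header-only lookup never could; every state-changing route here must stay behind the CSRF middleware earlier in the same chain, and the `Skipper` exemption for POST `/authorize*` should be re-checked with that in mind. The cookie source also makes the JWT middleware depend on that cookie's own `Secure`/`SameSite` attributes, which are set wherever `__Secure-auth-token` is issued rather than here, so a comment on the `TokenLookup` line such as `// cookie fallback lets browser sessions reach these routes; CSRF middleware above must cover every mutating one` would help the next reader. The same `h.config.Server.Domain` value is used as the CSRF `CookieDomain` in this file and as `Access-Control-Allow-Origin` in `handleSend`, and those expect different formats (bare host vs scheme+host), so one of them is presumably wrong. `Register` starts and ends outside the hunk.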