Don't check CSRF for manage and edit methods
This commit is contained in:
parent
16579fdf7f
commit
4878495914
@ -262,19 +262,21 @@ func (a *api) handler() http.Handler {
|
||||
|
||||
mux.Handle("/", a.blogHandler())
|
||||
|
||||
noCacheMiddleware := addResponseHeadersMiddleware(map[string]string{
|
||||
"Cache-Control": "no-store, max-age=0",
|
||||
"Pragma": "no-cache",
|
||||
"Expires": "0",
|
||||
})
|
||||
|
||||
h := applyMiddlewares(
|
||||
apiutil.MethodMux(map[string]http.Handler{
|
||||
"GET": applyMiddlewares(
|
||||
mux,
|
||||
),
|
||||
"GET": applyMiddlewares(mux),
|
||||
"MANAGE": applyMiddlewares(mux, noCacheMiddleware),
|
||||
"EDIT": applyMiddlewares(mux, noCacheMiddleware),
|
||||
"*": applyMiddlewares(
|
||||
mux,
|
||||
a.checkCSRFMiddleware,
|
||||
addResponseHeadersMiddleware(map[string]string{
|
||||
"Cache-Control": "no-store, max-age=0",
|
||||
"Pragma": "no-cache",
|
||||
"Expires": "0",
|
||||
}),
|
||||
noCacheMiddleware,
|
||||
),
|
||||
}),
|
||||
setLoggerMiddleware(a.params.Logger),
|
||||
|
Loading…
Reference in New Issue
Block a user