Don't check CSRF for manage and edit methods

2022-11-29 22:20:34 +01:00 · 2022-11-29 22:20:34 +01:00 · 4878495914
commit 4878495914
parent 16579fdf7f
1 changed files with 10 additions and 8 deletions
--- a/src/http/api.go
+++ b/src/http/api.go
@ -262,19 +262,21 @@ func (a *api) handler() http.Handler {

 	mux.Handle("/", a.blogHandler())

+	noCacheMiddleware := addResponseHeadersMiddleware(map[string]string{
+		"Cache-Control": "no-store, max-age=0",
+		"Pragma":        "no-cache",
+		"Expires":       "0",
+	})
+
 	h := applyMiddlewares(
 		apiutil.MethodMux(map[string]http.Handler{
-			"GET": applyMiddlewares(
-				mux,
-			),
+			"GET":    applyMiddlewares(mux),
+			"MANAGE": applyMiddlewares(mux, noCacheMiddleware),
+			"EDIT":   applyMiddlewares(mux, noCacheMiddleware),
 			"*": applyMiddlewares(
 				mux,
 				a.checkCSRFMiddleware,
-				addResponseHeadersMiddleware(map[string]string{
-					"Cache-Control": "no-store, max-age=0",
-					"Pragma":        "no-cache",
-					"Expires":       "0",
-				}),
+				noCacheMiddleware,
 			),
 		}),
 		setLoggerMiddleware(a.params.Logger),