Don't check CSRF for manage and edit methods

Brian Picciano 2022-11-29 22:20:34 +01:00
parent 16579fdf7f
commit 4878495914


@ -262,19 +262,21 @@ func (a *api) handler() http.Handler {
mux.Handle("/", a.blogHandler())
h := applyMiddlewares(
apiutil.MethodMux(map[string]http.Handler{
"GET": applyMiddlewares(
mux,
),
"*": applyMiddlewares(
mux,
a.checkCSRFMiddleware,
addResponseHeadersMiddleware(map[string]string{
noCacheMiddleware := addResponseHeadersMiddleware(map[string]string{
"Cache-Control": "no-store, max-age=0",
"Pragma": "no-cache",
"Expires": "0",
}),
})
h := applyMiddlewares(
apiutil.MethodMux(map[string]http.Handler{
"GET": applyMiddlewares(mux),
"MANAGE": applyMiddlewares(mux, noCacheMiddleware),
"EDIT": applyMiddlewares(mux, noCacheMiddleware),
"*": applyMiddlewares(
mux,
a.checkCSRFMiddleware,
noCacheMiddleware,
),
}),
setLoggerMiddleware(a.params.Logger),