Blank referrers are allowed
This commit is contained in:
parent
256ca43d69
commit
9b724725b3
5
csrf.go
5
csrf.go
|
@ -24,6 +24,11 @@ func strictReferrerCheck(r *http.Request, prefix string, whitelistHeaders []stri
|
|||
}
|
||||
|
||||
referrer := r.Header.Get("Referer")
|
||||
|
||||
if referrer == "" {
|
||||
return true
|
||||
}
|
||||
|
||||
u, _ := url.Parse(referrer)
|
||||
return sameOrigin(u, p)
|
||||
}
|
||||
|
|
|
@ -1,5 +1,7 @@
|
|||
{% extends "base.html" %}
|
||||
|
||||
{% block content %}
|
||||
<div id="main">
|
||||
400 Bad Request
|
||||
</div>
|
||||
{% endblock %}
|
||||
|
|
|
@ -1,5 +1,7 @@
|
|||
{% extends "base.html" %}
|
||||
|
||||
{% block content %}
|
||||
<div id="main">
|
||||
401 Unauthorized
|
||||
</div>
|
||||
{% endblock %}
|
||||
|
|
Loading…
Reference in New Issue