Profouzors
/
ProfouzorsLinx
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Blank referrers are allowed

This commit is contained in:
andreimarcu 2015-10-14 20:35:43 -04:00
parent 256ca43d69
commit 9b724725b3
3 changed files with 11 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
csrf.go
View File

@ -24,6 +24,11 @@ func strictReferrerCheck(r *http.Request, prefix string, whitelistHeaders []stri
} }
referrer := r.Header.Get("Referer") referrer := r.Header.Get("Referer")
if referrer == "" {
return true
}
u, _ := url.Parse(referrer) u, _ := url.Parse(referrer)
return sameOrigin(u, p) return sameOrigin(u, p)
} }

4
templates/400.html
View File

@ -1,5 +1,7 @@
{% extends "base.html" %} {% extends "base.html" %}
{% block content %} {% block content %}
400 Bad Request <div id="main">
400 Bad Request
</div>
{% endblock %} {% endblock %}

4
templates/401.html
View File

@ -1,5 +1,7 @@
{% extends "base.html" %} {% extends "base.html" %}
{% block content %} {% block content %}
401 Unauthorized <div id="main">
401 Unauthorized
</div>
{% endblock %} {% endblock %}