Blank referrers are allowed

2015-10-14 20:35:43 -04:00 · 2015-10-14 20:35:43 -04:00 · 9b724725b3
parent 256ca43d69
commit 9b724725b3
3 changed files with 11 additions and 2 deletions
--- a/csrf.go
+++ b/csrf.go
@ -24,6 +24,11 @@ func strictReferrerCheck(r *http.Request, prefix string, whitelistHeaders []stri
 	}

 	referrer := r.Header.Get("Referer")
+
+	if referrer == "" {
+		return true
+	}
+
 	u, _ := url.Parse(referrer)
 	return sameOrigin(u, p)
 }
--- a/templates/400.html
+++ b/templates/400.html
@ -1,5 +1,7 @@
 {% extends "base.html" %}

 {% block content %}
-400 Bad Request
+<div id="main">
+	400 Bad Request
+</div>
 {% endblock %}
--- a/templates/401.html
+++ b/templates/401.html
@ -1,5 +1,7 @@
 {% extends "base.html" %}

 {% block content %}
-401 Unauthorized
+<div id="main">
+	401 Unauthorized
+</div>
 {% endblock %}