Profouzors
/
ProfouzorsLinx
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

short-circuit on origin header 

If the Origin header is present, we can check it and skip the other
checks.
This commit is contained in:
mutantmonkey 2015-10-12 01:23:06 -07:00
parent 0a1aa869e4
commit a3723d3665
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
csrf.go
View File

@ -7,8 +7,9 @@ import (
func strictReferrerCheck(r *http.Request, prefix string, whitelistHeaders []string) bool { func strictReferrerCheck(r *http.Request, prefix string, whitelistHeaders []string) bool {
p := strings.TrimSuffix(prefix, "/") p := strings.TrimSuffix(prefix, "/")
if origin := r.Header.Get("Origin"); origin != "" && !strings.HasPrefix(origin, p) { if origin := r.Header.Get("Origin"); origin != "" {
return false // if there's an Origin header, check it and ignore the rest
return strings.HasPrefix(origin, p)
} }
for _, header := range whitelistHeaders { for _, header := range whitelistHeaders {