fix: disable cookie auth for non GET requests

pull/2044/head
Oleg Lobanov 2022-07-19 00:39:02 +02:00
parent cb43770025
commit 80030dee32
No known key found for this signature in database
GPG Key ID: 65FF3DB864FE3D2A
1 changed files with 5 additions and 3 deletions

View File

@ -53,9 +53,11 @@ func (e extractor) ExtractToken(r *http.Request) (string, error) {
return auth, nil
}
cookie, _ := r.Cookie("auth")
if cookie != nil && strings.Count(cookie.Value, ".") == 2 {
return cookie.Value, nil
if r.Method == http.MethodGet {
cookie, _ := r.Cookie("auth")
if cookie != nil && strings.Count(cookie.Value, ".") == 2 {
return cookie.Value, nil
}
}
return "", request.ErrNoTokenInRequest