fix: disable cookie auth for non GET requests

pull/2044/head
Oleg Lobanov 2022-07-19 00:39:02 +02:00
parent cb43770025
commit 80030dee32
No known key found for this signature in database
GPG Key ID: 65FF3DB864FE3D2A
1 changed files with 5 additions and 3 deletions

View File

@ -53,10 +53,12 @@ func (e extractor) ExtractToken(r *http.Request) (string, error) {
return auth, nil return auth, nil
} }
if r.Method == http.MethodGet {
cookie, _ := r.Cookie("auth") cookie, _ := r.Cookie("auth")
if cookie != nil && strings.Count(cookie.Value, ".") == 2 { if cookie != nil && strings.Count(cookie.Value, ".") == 2 {
return cookie.Value, nil return cookie.Value, nil
} }
}
return "", request.ErrNoTokenInRequest return "", request.ErrNoTokenInRequest
} }