fix: disable cookie auth for non GET requests
parent
cb43770025
commit
80030dee32
|
@ -53,9 +53,11 @@ func (e extractor) ExtractToken(r *http.Request) (string, error) {
|
||||||
return auth, nil
|
return auth, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
cookie, _ := r.Cookie("auth")
|
if r.Method == http.MethodGet {
|
||||||
if cookie != nil && strings.Count(cookie.Value, ".") == 2 {
|
cookie, _ := r.Cookie("auth")
|
||||||
return cookie.Value, nil
|
if cookie != nil && strings.Count(cookie.Value, ".") == 2 {
|
||||||
|
return cookie.Value, nil
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return "", request.ErrNoTokenInRequest
|
return "", request.ErrNoTokenInRequest
|
||||||
|
|
Loading…
Reference in New Issue