github
/
portainer
mirror of https://github.com/portainer/portainer
1
0
Fork 0
Code Issues Releases Wiki Activity

fix(csrf): disable csrf secure cookie EE-6787 (#11299)

pull/11370/head
cmeng 2024-03-13 11:22:18 +13:00 committed by GitHub
parent cb9ab3b375
commit 6e11c10bab
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
api/http/csrf/csrf.go
View File

@ -21,7 +21,11 @@ func WithProtect(handler http.Handler) (http.Handler, error) {
return nil, fmt.Errorf("failed to generate CSRF token: %w", err) return nil, fmt.Errorf("failed to generate CSRF token: %w", err)
} }
handler = gorillacsrf.Protect([]byte(token), gorillacsrf.Path("/"))(handler) handler = gorillacsrf.Protect(
[]byte(token),
gorillacsrf.Path("/"),
gorillacsrf.Secure(false),
)(handler)
return withSkipCSRF(handler), nil return withSkipCSRF(handler), nil
} }