Merge pull request #2044 from filebrowser/security_fix

2025-11-26 14:25:26 +08:00 · 2022-07-19 00:42:45 +02:00
parent cb43770025 80030dee32
commit 0523b31b96
1 changed files with 5 additions and 3 deletions
--- a/http/auth.go
+++ b/http/auth.go
@@ -53,9 +53,11 @@ func (e extractor) ExtractToken(r *http.Request) (string, error) {
 		return auth, nil
 	}

-	cookie, _ := r.Cookie("auth")
-	if cookie != nil && strings.Count(cookie.Value, ".") == 2 {
-		return cookie.Value, nil
+	if r.Method == http.MethodGet {
+		cookie, _ := r.Cookie("auth")
+		if cookie != nil && strings.Count(cookie.Value, ".") == 2 {
+			return cookie.Value, nil
+		}
 	}

 	return "", request.ErrNoTokenInRequest