OrgGo
/
filebrowser
mirror of https://github.com/filebrowser/filebrowser.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

fix: disable cookie auth for non GET requests

This commit is contained in:
Oleg Lobanov 2022-07-19 00:39:02 +02:00
parent cb43770025
commit 80030dee32
No known key found for this signature in database
GPG Key ID: 65FF3DB864FE3D2A
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
http/auth.go
View File

@ -53,10 +53,12 @@ func (e extractor) ExtractToken(r *http.Request) (string, error) {
return auth, nil return auth, nil
} }
if r.Method == http.MethodGet {
cookie, _ := r.Cookie("auth") cookie, _ := r.Cookie("auth")
if cookie != nil && strings.Count(cookie.Value, ".") == 2 { if cookie != nil && strings.Count(cookie.Value, ".") == 2 {
return cookie.Value, nil return cookie.Value, nil
} }
}
return "", request.ErrNoTokenInRequest return "", request.ErrNoTokenInRequest
} }