fix: disable cookie auth for non GET requests
This commit is contained in:
parent
cb43770025
commit
80030dee32
|
@ -53,10 +53,12 @@ func (e extractor) ExtractToken(r *http.Request) (string, error) {
|
|||
return auth, nil
|
||||
}
|
||||
|
||||
if r.Method == http.MethodGet {
|
||||
cookie, _ := r.Cookie("auth")
|
||||
if cookie != nil && strings.Count(cookie.Value, ".") == 2 {
|
||||
return cookie.Value, nil
|
||||
}
|
||||
}
|
||||
|
||||
return "", request.ErrNoTokenInRequest
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue