fix(csrf): skip the trusted origins check for plain-text HTTP requests BE-11832 (#710)

Co-authored-by: andres-portainer <andres-portainer@users.noreply.github.com> Co-authored-by: oscarzhou <oscar.zhou@portainer.io>
2025-08-03 04:45:21 +02:00 · 2025-05-08 23:39:29 -03:00 · 2025-05-08 23:39:29 -03:00 · 9fdc535d6b
commit 9fdc535d6b
parent b9b734ceda
4 changed files with 40 additions and 5 deletions
--- a/go.mod
+++ b/go.mod
@ -26,7 +26,7 @@ require (
 	github.com/golang-jwt/jwt/v4 v4.5.2
 	github.com/google/go-cmp v0.6.0
 	github.com/google/uuid v1.6.0
-	github.com/gorilla/csrf v1.7.2
+	github.com/gorilla/csrf v1.7.3
 	github.com/gorilla/mux v1.8.1
 	github.com/gorilla/websocket v1.5.0
 	github.com/hashicorp/go-version v1.7.0
@ -243,7 +243,6 @@ require (
 	github.com/spf13/cast v1.7.0 // indirect
 	github.com/spf13/cobra v1.8.1 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
-	github.com/stretchr/objx v0.5.2 // indirect
 	github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 // indirect
 	github.com/theupdateframework/notary v0.7.0 // indirect
 	github.com/tilt-dev/fsnotify v1.4.8-0.20220602155310-fff9c274a375 // indirect