Docker/portainer
Docker/portainer
1
0
Fork 0
mirror of https://github.com/portainer/portainer.git synced 2025-07-21 22:39:41 +02:00
Code Issues Releases Activity
portainer/api/http/csrf/csrf.go
cmeng a2a4c85f2d
Some checks are pending
ci / build_images (map[arch:amd64 platform:linux version:]) (push) Waiting to run
Details
ci / build_images (map[arch:amd64 platform:windows version:1809]) (push) Waiting to run
Details
ci / build_images (map[arch:amd64 platform:windows version:ltsc2022]) (push) Waiting to run
Details
ci / build_images (map[arch:arm platform:linux version:]) (push) Waiting to run
Details
ci / build_images (map[arch:arm64 platform:linux version:]) (push) Waiting to run
Details
ci / build_images (map[arch:ppc64le platform:linux version:]) (push) Waiting to run
Details
ci / build_images (map[arch:s390x platform:linux version:]) (push) Waiting to run
Details
ci / build_manifests (push) Blocked by required conditions
Details
/ triage (push) Waiting to run
Details
Lint / Run linters (push) Waiting to run
Details
Test / test-client (push) Waiting to run
Details
Test / test-server (map[arch:amd64 platform:linux]) (push) Waiting to run
Details
Test / test-server (map[arch:amd64 platform:windows version:1809]) (push) Waiting to run
Details
Test / test-server (map[arch:amd64 platform:windows version:ltsc2022]) (push) Waiting to run
Details
Test / test-server (map[arch:arm64 platform:linux]) (push) Waiting to run
Details
fix(csrf): disable csrf secure cookie EE-6787 (#11300)
2024-03-13 11:22:11 +13:00

66 lines
1.4 KiB
Go
Raw Blame History

package csrf
import (
"crypto/rand"
"fmt"
"net/http"
httperror "github.com/portainer/portainer/pkg/libhttp/error"
gorillacsrf "github.com/gorilla/csrf"
"github.com/portainer/portainer/api/http/security"
"github.com/urfave/negroni"
)
func WithProtect(handler http.Handler) (http.Handler, error) {
handler = withSendCSRFToken(handler)
token := make([]byte, 32)
_, err := rand.Read(token)
if err != nil {
return nil, fmt.Errorf("failed to generate CSRF token: %w", err)
}
handler = gorillacsrf.Protect(
[]byte(token),
gorillacsrf.Path("/"),
gorillacsrf.Secure(false),
)(handler)
return withSkipCSRF(handler), nil
}
func withSendCSRFToken(handler http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
sw := negroni.NewResponseWriter(w)
sw.Before(func(sw negroni.ResponseWriter) {
statusCode := sw.Status()
if statusCode >= 200 && statusCode < 300 {
csrfToken := gorillacsrf.Token(r)
sw.Header().Set("X-CSRF-Token", csrfToken)
}
})
handler.ServeHTTP(sw, r)
})
}
func withSkipCSRF(handler http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
skip, err := security.ShouldSkipCSRFCheck(r)
if err != nil {
httperror.WriteError(w, http.StatusForbidden, err.Error(), err)
return
}
if skip {
r = gorillacsrf.UnsafeSkipCheck(r)
}
handler.ServeHTTP(w, r)
})
}
View git blame Copy permalink