csrf middleware
goenning committed Jun 7, 2024
1 parent 4b21c03 commit e55a144
Showing 2 changed files with 14 additions and 0 deletions.
1 change: 1 addition & 0 deletions app/cmd/routes.go
Expand Up @@ -34,6 +34,7 @@ func routes(r *web.Engine) *web.Engine {
})

r.Use(middlewares.Secure())
r.Use(middlewares.CSRF())
r.Use(middlewares.Compress())

assets := r.Group()
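Review bot: Registering `middlewares.CSRF()` with `r.Use` at the top of `routes` applies it to every route added after this line, so any endpoint that legitimately receives a non-AJAX POST, PUT or DELETE (a plain HTML form, a third-party callback) would now be rejected. The rest of `routes` lies outside the hunk, so whether such endpoints exist cannot be confirmed from here. A comment above the call would make the constraint visible to whoever adds the next route, for example `// CSRF rejects non-AJAX POST/PUT/DELETE on every route registered below.`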
13 changes: 13 additions & 0 deletions app/middlewares/security.go
Expand Up @@ -28,3 +28,16 @@ func Secure() web.MiddlewareFunc {
}
}
}

// Secure middleware is responsible for blocking CSRF attacks
func CSRF() web.MiddlewareFunc {
return func(next web.HandlerFunc) web.HandlerFunc {
return func(c *web.Context) error {
var isWriteRequest = c.Request.Method == "POST" || c.Request.Method == "PUT" || c.Request.Method == "DELETE"
if isWriteRequest && !c.IsAjax() {
return c.Forbidden()
}
return next(c)
}
}
}
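Review bot: The `isWriteRequest` line lists only POST, PUT and DELETE, so a PATCH request, or any other non-safe method, passes through unchecked. An allow-list of safe methods fails closed instead: `isWriteRequest := c.Request.Method != "GET" && c.Request.Method != "HEAD" && c.Request.Method != "OPTIONS"`. The doc comment still says "Secure middleware" and should name this function, for example `// CSRF rejects state-changing requests that are not sent via AJAX.` `c.IsAjax()` is defined outside this hunk; if it only tests a client-supplied request header, the comment should also say that the defence depends on the CORS policy never allowing that header from other origins.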
