short-circuit on origin header
If the Origin header is present, we can check it and skip the other checks.
parent
0a1aa869e4
commit
a3723d3665
5
csrf.go
5
csrf.go
@ -7,8 +7,9 @@ import (
|
||||
|
||||
func strictReferrerCheck(r *http.Request, prefix string, whitelistHeaders []string) bool {
|
||||
p := strings.TrimSuffix(prefix, "/")
|
||||
if origin := r.Header.Get("Origin"); origin != "" && !strings.HasPrefix(origin, p) {
|
||||
return false
|
||||
if origin := r.Header.Get("Origin"); origin != "" {
|
||||
// if there's an Origin header, check it and ignore the rest
|
||||
return strings.HasPrefix(origin, p)
|
||||
}
|
||||
|
||||
for _, header := range whitelistHeaders {
|
||||
|
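Review bot: With the new early return `return strings.HasPrefix(origin, p)`, a plain string-prefix match on Origin becomes the sole decision for every request that carries the header, and a prefix match also accepts a different host whose name merely begins with the same characters (constructed example: prefix `https://app.example` also matches an origin of `https://app.example.other.test`). Before this change a matching Origin still fell through to the `whitelistHeaders` loop, which presumably applied further checks, so the loose comparison mattered less. I would compare the full origin instead, for example `u, err := url.Parse(prefix)` followed by `return err == nil && origin == u.Scheme+"://"+u.Host`; this needs `net/url` in the import block, which is not visible in this hunk. The body of strictReferrerCheck continues past the end of the hunk, so the remaining header checks could not be reviewed here.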