mirror of
https://github.com/drakkan/sftpgo.git
synced 2024-11-25 00:50:31 +00:00
respect token validation mode for CSRF header
Fixes #1104 Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
This commit is contained in:
parent
ff4c1b239e
commit
08e29d4ee0
1 changed files with 6 additions and 4 deletions
|
@ -299,10 +299,12 @@ func verifyCSRFHeader(next http.Handler) http.Handler {
|
|||
return
|
||||
}
|
||||
|
||||
if !util.Contains(token.Audience(), util.GetIPFromRemoteAddress(r.RemoteAddr)) {
|
||||
logger.Debug(logSender, "", "error validating CSRF header IP audience")
|
||||
sendAPIResponse(w, r, errors.New("the token is not valid"), "", http.StatusForbidden)
|
||||
return
|
||||
if tokenValidationMode != tokenValidationNoIPMatch {
|
||||
if !util.Contains(token.Audience(), util.GetIPFromRemoteAddress(r.RemoteAddr)) {
|
||||
logger.Debug(logSender, "", "error validating CSRF header IP audience")
|
||||
sendAPIResponse(w, r, errors.New("the token is not valid"), "", http.StatusForbidden)
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
next.ServeHTTP(w, r)
|
||||
|
|
Loading…
Reference in a new issue