mirror of
https://github.com/drakkan/sftpgo.git
synced 2024-11-21 23:20:24 +00:00
WebAdmin: check CSRF header when deleting blocked hosts
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
This commit is contained in:
parent
03724d5eb1
commit
7aac64531f
1 changed files with 2 additions and 2 deletions
|
@ -1809,8 +1809,8 @@ func (s *httpdServer) setupWebAdminRoutes() {
|
||||||
router.With(s.checkPerm(dataprovider.PermAdminManageSystem)).Post(webTemplateFolder, s.handleWebTemplateFolderPost)
|
router.With(s.checkPerm(dataprovider.PermAdminManageSystem)).Post(webTemplateFolder, s.handleWebTemplateFolderPost)
|
||||||
router.With(s.checkPerm(dataprovider.PermAdminViewDefender)).Get(webDefenderPath, s.handleWebDefenderPage)
|
router.With(s.checkPerm(dataprovider.PermAdminViewDefender)).Get(webDefenderPath, s.handleWebDefenderPage)
|
||||||
router.With(s.checkPerm(dataprovider.PermAdminViewDefender)).Get(webDefenderHostsPath, getDefenderHosts)
|
router.With(s.checkPerm(dataprovider.PermAdminViewDefender)).Get(webDefenderHostsPath, getDefenderHosts)
|
||||||
router.With(s.checkPerm(dataprovider.PermAdminManageDefender)).Delete(webDefenderHostsPath+"/{id}",
|
router.With(s.checkPerm(dataprovider.PermAdminManageDefender), s.verifyCSRFHeader).
|
||||||
deleteDefenderHostByID)
|
Delete(webDefenderHostsPath+"/{id}", deleteDefenderHostByID)
|
||||||
router.With(s.checkPerm(dataprovider.PermAdminManageEventRules), compressor.Handler, s.refreshCookie).
|
router.With(s.checkPerm(dataprovider.PermAdminManageEventRules), compressor.Handler, s.refreshCookie).
|
||||||
Get(webAdminEventActionsPath+jsonAPISuffix, getAllActions)
|
Get(webAdminEventActionsPath+jsonAPISuffix, getAllActions)
|
||||||
router.With(s.checkPerm(dataprovider.PermAdminManageEventRules), s.refreshCookie).
|
router.With(s.checkPerm(dataprovider.PermAdminManageEventRules), s.refreshCookie).
|
||||||
|
|
Loading…
Reference in a new issue