author | wxiaoguang <wxiaoguang@gmail.com> | 2022-04-06 23:47:58 +0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-04-06 23:47:58 +0800 |
commit | 57c2ca7f26a7dd7633d65c396c4f0feba7e44210 (patch) | |
tree | d516cb724e8c968d3b5ec4477595b6ad7040d830 /modules/context/csrf.go | |
parent | 0704009dd77dd515f1f4d34c693ef50d0c7f5a5e (diff) | |
Fix invalid CSRF token bug, make sure CSRF tokens can be up-to-date (#19338)
There was a bug that the CSRF token wouldn't in 24h. This fix just does what the CSRF function comment says: If this request is a GET request, it will generate a new token. Then the CSRF token can be kept up-to-date.
Diffstat (limited to 'modules/context/csrf.go')
-rw-r--r-- | modules/context/csrf.go | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/modules/context/csrf.go b/modules/context/csrf.go index 8d179ca904..66ea6bd0a3 100644 --- a/modules/context/csrf.go +++ b/modules/context/csrf.go @@ -229,6 +229,7 @@ func Csrfer(opt CsrfOptions, ctx *Context) CSRF { } } + needsNew = needsNew || ctx.Req.Method == "GET" // If this request is a Get request, it will generate a new token, make sure the token is always up-to-date. if needsNew { // FIXME: actionId. x.Token = GenerateToken(x.Secret, x.ID, "POST") |
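Review bot: The added `needsNew = needsNew || ctx.Req.Method == "GET"` line forces a new token on every GET that reaches Csrfer, not only on page loads that render a form, so any asset, XHR or API GET routed through this function will also replace the token. Consider restricting the refresh to responses that actually embed the token, or regenerating only when the current token is close to expiry. Please also confirm that a token already handed to a form in another open tab still validates after a later GET has issued a newer one; the validation path is not visible in this hunk, and a test for that two-tab case would document the intended behaviour. Minor: prefer `http.MethodGet` over the string literal `"GET"`, and move the long trailing comment onto its own line above the assignment.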