From 1fede04b83288d8a91304a83b7601699bb5cba04 Mon Sep 17 00:00:00 2001
From: wxiaoguang <wxiaoguang@gmail.com>
Date: Wed, 18 Sep 2024 15:17:25 +0800
Subject: Refactor CSRF protector (#32057)

Remove unused CSRF options, decouple "new csrf protector" and "prepare"
logic, do not redirect to home page if CSRF validation falis (it
shouldn't happen in daily usage, if it happens, redirecting to home
doesn't help either but just makes the problem more complex for "fetch")
---
 routers/web/web.go | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'routers')

diff --git a/routers/web/web.go b/routers/web/web.go
index 41b019e4b5..f1e941a84e 100644
--- a/routers/web/web.go
+++ b/routers/web/web.go
@@ -129,6 +129,8 @@ func webAuth(authMethod auth_service.Method) func(*context.Context) {
 			// ensure the session uid is deleted
 			_ = ctx.Session.Delete("uid")
 		}
+
+		ctx.Csrf.PrepareForSessionUser(ctx)
 	}
 }
 
-- 
cgit v1.2.3