synced/coder
1
0
Fork 0
mirror of https://github.com/coder/coder.git synced 2025-07-03 16:13:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: Implement (but not enforce) CSRF for FE requests (#3786)

Browse Source 
Future work is to enforce CSRF

Co-authored-by: Presley Pizzo <presley@coder.com>
This commit is contained in:
Steven Masley
2022-09-13 15:26:46 -04:00
committed by GitHub
parent 9ab437d6e2
commit 9b5ee8f267
22 changed files with 211 additions and 115 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
coderd/coderd.go
View File

@ -187,6 +187,7 @@ func New(options *Options) *API {
next.ServeHTTP(w, r)
})
},
httpmw.CSRF(options.SecureAuthCookie),
)
apps := func(r chi.Router) {