feat(security): #286 first try on csrf

2024-12-06 22:42:23 +01:00
parent 04c6d0e71d
commit 425a7cc989
5 changed files with 52 additions and 12 deletions


@@ -77,7 +77,7 @@ func run(ctx context.Context, database *sql.DB, env func(string) string) {
}
func startServer(s *http.Server) {
log.Info("Starting server on %v", s.Addr)
log.Info("Starting server on %q", s.Addr)
if err := s.ListenAndServe(); err != nil && err != http.ErrServerClosed {
log.Error("error listening and serving: %v", err)
}
@@ -130,6 +130,7 @@ func createHandler(d *sql.DB, serverSettings *types.Settings) http.Handler {
middleware.Log,
middleware.ContentSecurityPolicy,
middleware.Cors(serverSettings),
middleware.CrossSiteRequestForgery(authService),
middleware.Corp,
middleware.Coop,
)
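Review bot: The position of `middleware.CrossSiteRequestForgery(authService)` in this chain is security-relevant, and nothing on the list records why it sits between `middleware.Cors(serverSettings)` and `middleware.Corp`. The helper that composes these entries is outside the hunk, so the execution order is not visible here. If entries run in listed order, a request rejected by the CSRF check would presumably return before `Corp` and `Coop` add their headers; if they run in reverse, the check would see CORS preflight requests, which carry no token, before `Cors` can answer them. I would add a comment above the entry, for example `// order matters: the CSRF check must only see requests after Cors has answered preflight`, and add tests for a rejected state-changing request and an OPTIONS preflight. createHandler's body starts and ends outside the hunk.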