add CSRF protection, add cookie security

2026-02-08 21:46:50 -08:00
parent 349c28e29c
commit a33e724199


@@ -204,6 +204,8 @@ func createAccount(w http.ResponseWriter, r *http.Request) {
Value: sessionID,
Path: "/",
HttpOnly: true,
Secure: true,
SameSite: http.SameSiteLaxMode,
MaxAge: 86400 * 30, // 30 days
})
http.Redirect(w, r, "/profile/"+username, http.StatusSeeOther)
@@ -248,6 +250,8 @@ func loginSubmit(w http.ResponseWriter, r *http.Request) {
Value: sessionID,
Path: "/",
HttpOnly: true,
Secure: true,
SameSite: http.SameSiteLaxMode,
MaxAge: 86400 * 30, // 30 days
})
http.Redirect(w, r, "/profile/"+username, http.StatusSeeOther)
@@ -503,5 +507,6 @@ func Start() {
r.Post("/import/lastfm", importLastFMHandler)
r.Get("/import/lastfm/progress", importLastFMProgressHandler)
fmt.Printf("WebUI starting on %s\n", addr)
http.ListenAndServe(addr, r)
prot := http.NewCrossOriginProtection()
http.ListenAndServe(addr, prot.Handler(r))
}
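Review bot: `Start` still serves plain HTTP via `http.ListenAndServe(addr, prot.Handler(r))`, while the session cookies set in the `createAccount` and `loginSubmit` hunks are now `Secure: true`; browsers will not return a Secure cookie to a non-TLS origin (localhost aside), so sign-up and login silently lose their session unless a TLS-terminating proxy is in front of `addr` — that assumption deserves a comment next to the cookie, e.g. `// Secure: requires TLS termination upstream; cookie is dropped over plain http://`. The `ListenAndServe` return value is still discarded on the last line, so a bind failure or an in-use port leaves `Start` with no error at all; `if err := http.ListenAndServe(addr, prot.Handler(r)); err != nil { /* report or return it */ }` would surface it. `http.NewCrossOriginProtection` is a Go 1.25 API, so the module's `go` directive presumably has to be at least that — worth confirming in go.mod, which is outside this diff. The two cookie literals in the earlier hunks are now identical eight-line blocks; a small `setSessionCookie(w, sessionID)` helper would keep `Secure`/`SameSite`/`MaxAge` from drifting apart in future edits.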