Mirrors/filebrowser
1
0
Fork 0
mirror of https://github.com/filebrowser/filebrowser.git synced 2026-01-23 02:35:10 +00:00
Code Issues Projects Releases Wiki Activity

fix: disable cookie auth for non GET requests

Browse source
This commit is contained in:
Oleg Lobanov 2022-07-19 00:39:02 +02:00
parent cb43770025
commit 80030dee32
No known key found for this signature in database
GPG key ID: 65FF3DB864FE3D2A
1 changed files with 5 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

8
http/auth.go
View file

@ -53,9 +53,11 @@ func (e extractor) ExtractToken(r *http.Request) (string, error) {
return auth, nil
}
cookie, _ := r.Cookie("auth")
if cookie != nil && strings.Count(cookie.Value, ".") == 2 {
return cookie.Value, nil
if r.Method == http.MethodGet {
cookie, _ := r.Cookie("auth")
if cookie != nil && strings.Count(cookie.Value, ".") == 2 {
return cookie.Value, nil
}
}
return "", request.ErrNoTokenInRequest