Skip to content

Commit

Permalink
Resolve CSRF preventing POST/DELETE requests with CORS (#85)
Browse files Browse the repository at this point in the history
  • Loading branch information
@feedmeapples
feedmeapples authored Jan 7, 2022

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode
1 parent 286083a commit 45970db
Showing 1 changed file with 9 additions and 4 deletions.
13 changes: 9 additions & 4 deletions server/server.go
View file
Original file line number Diff line number Diff line change
@@ -71,13 +71,18 @@ func NewServer(opts ...server_options.ServerOption) *Server {
// Middleware
e.Use(middleware.Logger())
e.Use(middleware.Recover())
e.Use(middleware.Secure())
e.Use(middleware.CSRF())
e.Use(middleware.CORSWithConfig(middleware.CORSConfig{
AllowOrigins: serverOpts.Config.CORS.AllowOrigins,
AllowHeaders: []string{echo.HeaderOrigin, echo.HeaderContentType, echo.HeaderAccept},
AllowOrigins: serverOpts.Config.CORS.AllowOrigins,
AllowHeaders: []string{
echo.HeaderOrigin, echo.HeaderContentType, echo.HeaderAccept,
echo.HeaderXCSRFToken,
},
AllowCredentials: true,
}))
e.Use(middleware.Secure())
e.Use(middleware.CSRFWithConfig(middleware.CSRFConfig{
CookiePath: "/",
}))
e.Use(session.Middleware(sessions.NewCookieStore(
securecookie.GenerateRandomKey(32),
securecookie.GenerateRandomKey(32),

0 comments on commit 45970db

Please sign in to comment.