security: enforce csrf on writes

2026-04-10 17:25:27 +02:00
parent 2865d87ee9
commit ecb15782c8
2 changed files with 79 additions and 2 deletions


@@ -73,7 +73,8 @@ func NewRouter(cfg Config) http.Handler {
mux.HandleFunc("/api/watchlist/", watchlistHandler.HandleDeleteWatchlist)
mux.HandleFunc("/watchlist", watchlistHandler.HandleGetWatchlist)
// Wrap mux with global auth checking, THEN auth context parsing
protectedHandler := middleware.RequireGlobalAuth(mux)
// Wrap mux with global CSRF origin verification and auth checking,
// THEN auth context parsing.
protectedHandler := middleware.RequireGlobalAuth(middleware.VerifyOrigin(mux))
return middleware.Auth(cfg.AuthService)(protectedHandler)
}
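Review bot: The new comment above `protectedHandler` describes the order in which the handlers are wrapped, which is the reverse of the order a request passes through them: `middleware.Auth` runs first, then `RequireGlobalAuth`, and `VerifyOrigin` runs last, just before the mux. I would state the request path directly, e.g. `// Request path: Auth (context parsing) -> RequireGlobalAuth -> VerifyOrigin -> mux.` The routes visible in this hunk are registered without a method in the pattern, so if `VerifyOrigin` (not shown here) lets safe methods such as GET through unchecked, the CSRF protection relies on each handler rejecting non-write methods itself; that is worth confirming for `HandleDeleteWatchlist`. `NewRouter` begins outside this hunk, so the routes registered earlier are not covered by this note.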