chore: cleanup files

This commit is contained in:
2026-04-08 18:02:54 +02:00
parent b3477fa7dd
commit a0617ec127
17 changed files with 82 additions and 81 deletions

View File

@@ -5,8 +5,6 @@ import (
"net/url"
)
// VerifyOrigin prevents simple CSRF by ensuring the Origin or Referer header matches the Host header
// for state-changing endpoints (POST/PUT/DELETE).
func VerifyOrigin(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if r.Method == http.MethodGet || r.Method == http.MethodHead || r.Method == http.MethodOptions {
@@ -22,7 +20,7 @@ func VerifyOrigin(next http.Handler) http.Handler {
http.Error(w, "Missing Origin or Referer header", http.StatusForbidden)
return
}
refURL, err := url.Parse(referer)
if err != nil {
http.Error(w, "Invalid Referer header", http.StatusForbidden)
@@ -32,12 +30,10 @@ func VerifyOrigin(next http.Handler) http.Handler {
}
host := r.Host
// Optional: strip port if you only care about domain
// If origin doesn't match host (accounting for potential schema prefixes)
expectedHTTP := "http://" + host
expectedHTTPS := "https://" + host
if origin != expectedHTTP && origin != expectedHTTPS {
http.Error(w, "Cross-Site Request Forgery (CSRF) origin mismatch", http.StatusForbidden)
return