Browse Source

disable csrf until SSL

master
Dan Ballard 6 years ago
parent
commit
e45be9fbd3
  1. 11
      main.go

11
main.go

@ -104,15 +104,18 @@ func main() {
dbConnect()
initTemplates()
muxRouter := init_route_handlers()
errHandler := csrf.ErrorHandler( CSRFErrorHandler{} )
//errHandler := csrf.ErrorHandler( CSRFErrorHandler{} )
// Terrible. TODO: Get SSL for prod, and then wrap in if(dev) { {
csrfSecurityOption := csrf.Secure(false)
csrfMaxTimeOption := csrf.MaxAge(3600 * 24 * 3) // 3 Days - a little more wiggle room
//csrfSecurityOption := csrf.Secure(false)
//csrfMaxTimeOption := csrf.MaxAge(3600 * 24 * 3) // 3 Days - a little more wiggle room
fmt.Println("Listening on", config.Port, "...")
err := http.ListenAndServe(":"+config.Port, csrf.Protect([]byte(csrfSecret()), errHandler, csrfSecurityOption, csrfMaxTimeOption)(muxRouter))
// Disabled CSRF until SSL (and sorting why the popup is throwing CSRF errs
// for tor and FF with ublock + https everywhere)
//err := http.ListenAndServe(":"+config.Port, csrf.Protect([]byte(csrfSecret()), errHandler, csrfSecurityOption, csrfMaxTimeOption)(muxRouter))
err := http.ListenAndServe(":"+config.Port, muxRouter)
if err != nil {
fmt.Println("Fatal Error: ", err)
}

Loading…
Cancel
Save