From e45be9fbd365c4488812e1beb1603fdf0efd159f Mon Sep 17 00:00:00 2001 From: Dan Ballard Date: Fri, 25 Dec 2015 13:21:59 -0800 Subject: [PATCH] disable csrf until SSL --- main.go | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/main.go b/main.go index 25cb89f..ea4dac8 100644 --- a/main.go +++ b/main.go @@ -104,15 +104,18 @@ func main() { dbConnect() initTemplates() muxRouter := init_route_handlers() - errHandler := csrf.ErrorHandler( CSRFErrorHandler{} ) + //errHandler := csrf.ErrorHandler( CSRFErrorHandler{} ) // Terrible. TODO: Get SSL for prod, and then wrap in if(dev) { { - csrfSecurityOption := csrf.Secure(false) - csrfMaxTimeOption := csrf.MaxAge(3600 * 24 * 3) // 3 Days - a little more wiggle room + //csrfSecurityOption := csrf.Secure(false) + //csrfMaxTimeOption := csrf.MaxAge(3600 * 24 * 3) // 3 Days - a little more wiggle room fmt.Println("Listening on", config.Port, "...") - err := http.ListenAndServe(":"+config.Port, csrf.Protect([]byte(csrfSecret()), errHandler, csrfSecurityOption, csrfMaxTimeOption)(muxRouter)) + // Disabled CSRF until SSL (and sorting why the popup is throwing CSRF errs + // for tor and FF with ublock + https everywhere) + //err := http.ListenAndServe(":"+config.Port, csrf.Protect([]byte(csrfSecret()), errHandler, csrfSecurityOption, csrfMaxTimeOption)(muxRouter)) + err := http.ListenAndServe(":"+config.Port, muxRouter) if err != nil { fmt.Println("Fatal Error: ", err) }