disable csrf until SSL

This commit is contained in:
Dan Ballard 2015-12-25 13:21:59 -08:00
parent 765659b3ee
commit e45be9fbd3
1 changed files with 7 additions and 4 deletions

11
main.go
View File

@ -104,15 +104,18 @@ func main() {
dbConnect()
initTemplates()
muxRouter := init_route_handlers()
errHandler := csrf.ErrorHandler( CSRFErrorHandler{} )
//errHandler := csrf.ErrorHandler( CSRFErrorHandler{} )
// Terrible. TODO: Get SSL for prod, and then wrap in if(dev) { {
csrfSecurityOption := csrf.Secure(false)
csrfMaxTimeOption := csrf.MaxAge(3600 * 24 * 3) // 3 Days - a little more wiggle room
//csrfSecurityOption := csrf.Secure(false)
//csrfMaxTimeOption := csrf.MaxAge(3600 * 24 * 3) // 3 Days - a little more wiggle room
fmt.Println("Listening on", config.Port, "...")
err := http.ListenAndServe(":"+config.Port, csrf.Protect([]byte(csrfSecret()), errHandler, csrfSecurityOption, csrfMaxTimeOption)(muxRouter))
// Disabled CSRF until SSL (and sorting why the popup is throwing CSRF errs
// for tor and FF with ublock + https everywhere)
//err := http.ListenAndServe(":"+config.Port, csrf.Protect([]byte(csrfSecret()), errHandler, csrfSecurityOption, csrfMaxTimeOption)(muxRouter))
err := http.ListenAndServe(":"+config.Port, muxRouter)
if err != nil {
fmt.Println("Fatal Error: ", err)
}