Mitigate CSRF attacks (#206)

2025-06-06 00:37:24 +03:00 · 2022-07-14 08:36:47 +02:00 · 2022-07-14 08:36:47 +02:00 · 031d2cb7e8
commit 031d2cb7e8
parent 97652be545
4 changed files with 47 additions and 33 deletions
--- a/router/router.go
+++ b/router/router.go
@ -103,11 +103,6 @@ func New(tmplBox *rice.Box, extraData map[string]string, secret []byte) *echo.Ec
 	e.Logger.SetLevel(log.DEBUG)
 	e.Pre(middleware.RemoveTrailingSlash())
 	e.Use(middleware.Logger())
-	e.Use(middleware.CORSWithConfig(middleware.CORSConfig{
-		AllowOrigins: []string{"*"},
-		AllowHeaders: []string{echo.HeaderOrigin, echo.HeaderContentType, echo.HeaderAccept, echo.HeaderAuthorization},
-		AllowMethods: []string{echo.GET, echo.HEAD, echo.PUT, echo.PATCH, echo.POST, echo.DELETE},
-	}))
 	e.HideBanner = true
 	e.Validator = NewValidator()
 	e.Renderer = &TemplateRegistry{