Use POST for the /api/apply-wg-config endpoint and check the Content-Type header of all non-GET requests to prevent CSRF attacks
This commit is contained in:
parent
f43c59c043
commit
7c7081a3ba
3 changed files with 47 additions and 28 deletions
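--- /dev/null
+++ b/handler/middlewares.go
@@ -0,0 +1,19 @@
+package handler
+
+import (
+"github.com/labstack/echo/v4"
+"net/http"
+)
+
+// ContentTypeJson checks that the requests have the Content-Type header set to "application/json".
+// This helps against CSRF attacks.
+func ContentTypeJson(next echo.HandlerFunc) echo.HandlerFunc {
+return func(c echo.Context) error {
+contentType := c.Request().Header.Get("Content-Type")
+if contentType != "application/json" {
+return c.JSON(http.StatusBadRequest, jsonHTTPResponse{false, "Only JSON allowed"})
+}
+
+return next(c)
+}
+}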
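Review bot: The exact comparison `contentType != "application/json"` inside the returned handler also rejects a legitimate `application/json; charset=utf-8` header, which some HTTP clients attach on their own, so those requests get a 400 instead of being served; parse the media type instead, `mediaType, _, err := mime.ParseMediaType(c.Request().Header.Get("Content-Type"))` followed by `if err != nil || mediaType != "application/json" {` (adding `"mime"` to the import block). The check is a sound CSRF mitigation only because browsers will not send a cross-origin request carrying this content type without a CORS preflight, so it depends on the server not granting cross-origin credentialed access through its CORS policy — that configuration is not visible in this commit and should be confirmed. The doc comment would be more useful if it stated that mechanism, e.g. `// Browsers only send a cross-origin request with this content type after a CORS preflight, so rejecting other types blocks form-based CSRF; it is no substitute for a correct CORS policy.` A minor style point: Go keeps initialisms uniformly cased, so the exported name would conventionally be `ContentTypeJSON`.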