artifacthub
/
hub
mirror of https://github.com/artifacthub/hub.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Allow adding CSRF trusted origins (#4457) 

Signed-off-by: Sergio Castaño Arteaga <tegioz@icloud.com>
This commit is contained in:
Sergio Castaño Arteaga 2025-07-15 10:52:38 +02:00 committed by GitHub
parent e7d3d58337
commit 2a5e724e0c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
configs/hub.yaml
View File

@ -32,3 +32,5 @@ server:
csrf:
authKey: default-unsafe-key
secure: false
trustedOrigins:
- localhost:8000

1
internal/handlers/handlers.go
View File

@ -173,6 +173,7 @@ func (h *Handlers) setupRouter() {
csrf.Secure(h.cfg.GetBool("server.csrf.secure")),
csrf.Path("/api/v1"),
csrf.CookieName("csrf"),
csrf.TrustedOrigins(h.cfg.GetStringSlice("server.csrf.trustedOrigins")),
))
r.Get("/csrf", func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Cache-Control", "no-store")