authenticate: make callback path configurable (#493)

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
Bobby DeSimone 2020-02-08 09:06:23 -08:00 committed by GitHub
parent 1901cb5ca0
commit 5716113c2a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 57 additions and 26 deletions


@ -31,8 +31,8 @@ func (a *Authenticate) Handler() http.Handler {
a.cookieSecret,
csrf.Secure(a.cookieOptions.Secure),
csrf.Path("/"),
csrf.UnsafePaths([]string{callbackPath}), // enforce CSRF on "safe" handler
csrf.FormValueName("state"), // rfc6749 section-10.12
csrf.UnsafePaths([]string{a.RedirectURL.Path}), // enforce CSRF on "safe" handler
csrf.FormValueName("state"), // rfc6749 section-10.12
csrf.CookieName(fmt.Sprintf("%s_csrf", a.cookieOptions.Name)),
csrf.ErrorHandler(httputil.HandlerFunc(httputil.CSRFFailureHandler)),
))
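Review bot: `csrf.UnsafePaths([]string{a.RedirectURL.Path})` now takes the CSRF-enforced path from configuration, and nothing in this hunk guards against `a.RedirectURL` being nil or its `Path` being empty. A nil URL would panic while Handler() builds the middleware. An empty or differently normalised path (a trailing slash, for example) could leave the callback route outside the unsafe-path list, in which case the `state` check on the callback GET would presumably be skipped without any error. If the option is not already validated where it is parsed, reject it there, e.g. `if a.RedirectURL == nil || a.RedirectURL.Path == "" { return nil, errors.New("authenticate: callback path required") }`, and register the callback route from the same value so the two cannot drift. Handler() starts above and continues below this hunk, so the route registration is not visible here.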