3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-05-28 00:17:34 +02:00
Code Issues Projects Releases Packages Wiki Activity

authenticate: make callback path configurable (#493)

Browse source 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
This commit is contained in:
Bobby DeSimone 2020-02-08 09:06:23 -08:00 committed by GitHub
parent 1901cb5ca0
commit 5716113c2a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 57 additions and 26 deletions
Download patch file Download diff file Expand all files Collapse all files

4
authenticate/handlers.go
View file

@ -31,8 +31,8 @@ func (a *Authenticate) Handler() http.Handler {
a.cookieSecret,
csrf.Secure(a.cookieOptions.Secure),
csrf.Path("/"),
csrf.UnsafePaths([]string{callbackPath}), // enforce CSRF on "safe" handler
csrf.FormValueName("state"), // rfc6749 section-10.12
csrf.UnsafePaths([]string{a.RedirectURL.Path}), // enforce CSRF on "safe" handler
csrf.FormValueName("state"), // rfc6749 section-10.12
csrf.CookieName(fmt.Sprintf("%s_csrf", a.cookieOptions.Name)),
csrf.ErrorHandler(httputil.HandlerFunc(httputil.CSRFFailureHandler)),
))