3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-05-22 05:27:13 +02:00
Code Issues Projects Releases Packages Wiki Activity

proxy: remove csrf checks from proxied routes

Browse source 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
This commit is contained in:
Bobby DeSimone 2019-09-18 12:47:30 -07:00
parent 923dca3fe1
commit 664fb8b0ea
No known key found for this signature in database
GPG key ID: AEE4CF12FE86D07E
1 changed files with 12 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

21
proxy/handlers.go
View file

@ -25,21 +25,24 @@ func (p *Proxy) Handler() http.Handler {
_, ok := p.routeConfigs[host]
return ok
}))
r.Use(csrf.Protect(
r.HandleFunc("/robots.txt", p.RobotsTxt)
// requires authN not authZ
r.Use(sessions.RetrieveSession(p.sessionStore))
r.Use(p.VerifySession)
// Proxy service endpoints
v := r.PathPrefix("/.pomerium").Subrouter()
v.Use(csrf.Protect(
p.cookieSecret,
csrf.Path("/"),
csrf.Domain(p.cookieDomain),
csrf.CookieName(fmt.Sprintf("%s_csrf", p.cookieName)),
csrf.ErrorHandler(http.HandlerFunc(httputil.CSRFFailureHandler)),
))
r.HandleFunc("/robots.txt", p.RobotsTxt)
// requires authN not authZ
r.Use(sessions.RetrieveSession(p.sessionStore))
r.Use(p.VerifySession)
r.HandleFunc("/.pomerium/", p.UserDashboard).Methods(http.MethodGet)
r.HandleFunc("/.pomerium/impersonate", p.Impersonate).Methods(http.MethodPost)
r.HandleFunc("/.pomerium/sign_out", p.SignOut).Methods(http.MethodGet, http.MethodPost)
r.HandleFunc("/.pomerium/refresh", p.ForceRefresh).Methods(http.MethodPost)
v.HandleFunc("/", p.UserDashboard).Methods(http.MethodGet)
v.HandleFunc("/impersonate", p.Impersonate).Methods(http.MethodPost)
v.HandleFunc("/sign_out", p.SignOut).Methods(http.MethodGet, http.MethodPost)
v.HandleFunc("/refresh", p.ForceRefresh).Methods(http.MethodPost)
r.PathPrefix("/").HandlerFunc(p.Proxy)
return r
}