marcel/zoraxy
1
0
Fork 0
mirror of https://github.com/tobychui/zoraxy.git synced 2025-09-18 18:19:50 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix issue #819

Browse Source 
fixes issue #819 by putting the plugin API on a separate mux that is not wrapped in the CSRF middleware
This commit is contained in:
Anthony Rubick
2025-09-13 02:47:09 -05:00
parent c745d82cf3
commit 1c26d60c8f
1 changed files with 13 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
src/main.go
View File

@@ -115,9 +115,19 @@ func main() {
//Initiate management interface APIs
requireAuth = !(*noauth)
initAPIs(webminPanelMux)
initRestAPI(webminPanelMux)
//Start the reverse proxy server in go routine
// Create a new plugin API mux
pluginAPIMux := http.NewServeMux()
initRestAPI(pluginAPIMux)
// Create a parent mux to route /plugin endpoints without CSRF, others with CSRF
parentMux := http.NewServeMux()
// /plugin (rest API) endpoints: no CSRF
parentMux.Handle("/plugin/", pluginAPIMux)
// all other endpoints: with CSRF
parentMux.Handle("/", csrfMiddleware(webminPanelMux))
// Start the reverse proxy server in go routine
go func() {
ReverseProxtInit()
}()
@@ -134,7 +144,7 @@ func main() {
SystemWideLogger.Println(SYSTEM_NAME + " started. Visit control panel at http://" + *webUIPort)
}
err = http.ListenAndServe(*webUIPort, csrfMiddleware(webminPanelMux))
err = http.ListenAndServe(*webUIPort, parentMux)
if err != nil {
log.Fatal(err)