Optimized csrf mux

- Forced same site to lax mode for better browser compatibility - Set zoraxy-csrf as cookie name
2025-06-03 06:07:20 +02:00 · 2024-07-24 22:47:49 +08:00 · 2024-07-24 22:47:49 +08:00 · c1e16d55ab
commit c1e16d55ab
parent f595da92a1
1 changed files with 8 additions and 2 deletions
--- a/src/main.go
+++ b/src/main.go
@ -180,8 +180,14 @@ func main() {
 	nodeUUID = string(uuidBytes)

 	//Create a new webmin mux and csrf middleware layer
-	webminPanelMux := http.NewServeMux()
-	csrfMiddleware := csrf.Protect([]byte(nodeUUID))
+	webminPanelMux = http.NewServeMux()
+	csrfMiddleware = csrf.Protect(
+		[]byte(nodeUUID),
+		csrf.CookieName("zoraxy-csrf"),
+		csrf.Secure(false),
+		csrf.Path("/"),
+		csrf.SameSite(csrf.SameSiteLaxMode),
+	)

 	//Startup all modules
 	startupSequence()