Optimized csrf mux

- Forced same site to lax mode for better browser compatibility
- Set zoraxy-csrf as cookie name
This commit is contained in:
Toby Chui 2024-07-24 22:47:49 +08:00
parent f595da92a1
commit c1e16d55ab

View File

@ -180,8 +180,14 @@ func main() {
nodeUUID = string(uuidBytes)
//Create a new webmin mux and csrf middleware layer
webminPanelMux := http.NewServeMux()
csrfMiddleware := csrf.Protect([]byte(nodeUUID))
webminPanelMux = http.NewServeMux()
csrfMiddleware = csrf.Protect(
[]byte(nodeUUID),
csrf.CookieName("zoraxy-csrf"),
csrf.Secure(false),
csrf.Path("/"),
csrf.SameSite(csrf.SameSiteLaxMode),
)
//Startup all modules
startupSequence()