From c1e16d55abf154f74f971b1b5aa00e3b41c27a95 Mon Sep 17 00:00:00 2001
From: Toby Chui
Date: Wed, 24 Jul 2024 22:47:49 +0800
Subject: [PATCH] Optimized csrf mux - Forced same site to lax mode for better browser compatibility - Set zoraxy-csrf as cookie name
---
 src/main.go | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/main.go b/src/main.go
index f3138bf..b40637e 100644
--- a/src/main.go
+++ b/src/main.go
@@ -180,8 +180,14 @@ func main() {
 nodeUUID = string(uuidBytes)
 //Create a new webmin mux and csrf middleware layer
- webminPanelMux := http.NewServeMux()
- csrfMiddleware := csrf.Protect([]byte(nodeUUID))
+ webminPanelMux = http.NewServeMux()
+ csrfMiddleware = csrf.Protect(
+ []byte(nodeUUID),
+ csrf.CookieName("zoraxy-csrf"),
+ csrf.Secure(false),
+ csrf.Path("/"),
+ csrf.SameSite(csrf.SameSiteLaxMode),
+ )
 //Startup all modules
 startupSequence()
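Review bot: `csrf.Secure(false)` is hard-coded in the new `csrf.Protect(...)` call, so the `zoraxy-csrf` cookie is never marked Secure and will also travel over plain HTTP when the management panel is served over TLS. The flag would be better derived from the panel's TLS setting, e.g. `csrf.Secure(panelUsesTLS)` (placeholder name; the real option is not visible in this hunk), with a comment such as `// Secure is off only when the panel is served over plain HTTP` next to it. Separately, the signing key is still `[]byte(nodeUUID)`, a node identifier rather than a dedicated secret; if that UUID is stored or exposed anywhere an untrusted party can read it, the CSRF tokens lose their integrity guarantee, so a separately generated random key is worth considering. The switch from `:=` to `=` presumably relies on package-level declarations of `webminPanelMux` and `csrfMiddleware` made outside this hunk, and `main()` itself starts and ends outside it.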