CVE-2022-4850: chore: fix CSRF (#876) · usememos/memos@c9bb2b7

Skip to content

• • Actions

    Automate any workflow

  • Packages

    Host and manage packages

  • Security

    Find and fix vulnerabilities

  • Codespaces

    Instant dev environments

  • Copilot

    Write better code with AI

  • Code review

    Manage code changes

  • Issues

    Plan and track work

  • Discussions

    Collaborate outside of code

*   Explore
*   All features
*   Documentation
*   GitHub Skills
*   Blog

• • For

  • Enterprise

  • Teams

  • Startups

  • Education

  • By Solution

  • CI/CD & Automation

  • DevOps

  • DevSecOps

  • Case Studies

  • Customer Stories

  • Resources

• • GitHub Sponsors

    Fund open source developers

*   The ReadME Project
    
    GitHub community articles
    

*   Repositories
*   Topics
*   Trending
*   Collections

• Pricing

• Notifications

• Fork 297

• Code

• Issues 50

• Pull requests 3

• Discussions

• Actions

• Projects 1

• Wiki

• Security

• Insights

Permalink

Browse files

chore: fix CSRF (#876)

• Loading branch information

1 parent 64e5c34 commit c9bb2b785dc5852655405d5c9ab127a2d5aa3948

Showing 2 changed files with 5 additions and 0 deletions.

• • acl.go
  • server.go

@@ -27,6 +27,7 @@ func setUserSession(ctx echo.Context, user *api.User) error {

Path: "/",

MaxAge: 3600 * 24 * 30,

HttpOnly: true,

SameSite: http.SameSiteStrictMode,

}

sess.Values[userIDContextKey] = user.ID

err := sess.Save(ctx.Request(), ctx.Response())

@@ -36,6 +36,10 @@ func NewServer(profile *profile.Profile) *Server {

`"status":${status},"error":"${error}"}` + "\n",

}))

e.Use(middleware.CSRFWithConfig(middleware.CSRFConfig{

TokenLookup: "cookie:_csrf",

}))

e.Use(middleware.CORS())

e.Use(middleware.TimeoutWithConfig(middleware.TimeoutConfig{

0 comments on commit c9bb2b7

Please sign in to comment.