Use Post/Redirect/Get pattern for login

Anders Pitman 2020-10-11 15:22:58 -06:00
parent 2ca7800ca6
commit 31ea48365f
2 changed files with 3 additions and 4 deletions


@ -19,7 +19,7 @@
</head>
<body>
<form class='dialog' action="/login" method="GET">
<form class='dialog' action="/login" method="POST">
<label for="token">Token:</label>
<input type="password" id="token" name="token">
<button class='button green-button' type="submit">Login</button>


@ -226,8 +226,7 @@ func (h *WebUiHandler) handleTunnels(w http.ResponseWriter, r *http.Request) {
func (h *WebUiHandler) handleLogin(w http.ResponseWriter, r *http.Request) {
// Using GET requests to avoid form resubmission warnings in browsers
if r.Method != "GET" {
if r.Method != "POST" {
w.WriteHeader(405)
w.Write([]byte("Invalid method for login"))
}
@ -247,7 +246,7 @@ func (h *WebUiHandler) handleLogin(w http.ResponseWriter, r *http.Request) {
if h.auth.Authorized(token) {
cookie := &http.Cookie{Name: "access_token", Value: token, Secure: true, HttpOnly: true}
http.SetCookie(w, cookie)
http.Redirect(w, r, "/", 307)
http.Redirect(w, r, "/", 303)
} else {
w.WriteHeader(401)
w.Write([]byte("Invalid token"))
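Review bot: The method check at the top of handleLogin writes the 405 status and message but has no `return` before the closing brace, so a non-POST request falls through into the rest of the handler; add `return` after the `w.Write([]byte("Invalid method for login"))` line. The code between the two hunks is not shown, but if it reads the token from parsed form values that also include the query string, a GET carrying the token in the URL would still be evaluated, which keeps the token in URLs and logs that the switch to POST is meant to avoid. In the second hunk the cookie sets `Secure` and `HttpOnly` but no `SameSite`; since the cookie value is the login token itself, consider adding `SameSite: http.SameSiteLaxMode` to the `http.Cookie` literal.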