1
0
mirror of https://github.com/astaxie/beego.git synced 2024-12-22 23:20:48 +00:00

Merge pull request #3867 from ywk253100/191119_xsrf

Abort with the pre-defined status code when handling XSRF error
This commit is contained in:
astaxie 2019-11-29 18:43:02 +08:00 committed by GitHub
commit aa90c67a75
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -169,11 +169,11 @@ func (ctx *Context) CheckXSRFCookie() bool {
token = ctx.Request.Header.Get("X-Csrftoken")
}
if token == "" {
ctx.Abort(403, "'_xsrf' argument missing from POST")
ctx.Abort(422, "422")
return false
}
if ctx._xsrfToken != token {
ctx.Abort(403, "XSRF cookie does not match POST argument")
ctx.Abort(417, "417")
return false
}
return true