aboutsummaryrefslogtreecommitdiffstats
path: root/web/web.go
diff options
context:
space:
mode:
Diffstat (limited to 'web/web.go')
-rw-r--r--web/web.go2
1 files changed, 1 insertions, 1 deletions
diff --git a/web/web.go b/web/web.go
index a287bb9..d59d308 100644
--- a/web/web.go
+++ b/web/web.go
@@ -379,7 +379,7 @@ func CSRFMiddleware(cfg *config.Settings, next http.Handler) http.Handler {
token = cookie.Value
}
- if (r.Method == http.MethodPost || r.Method == http.MethodPut || r.Method == http.MethodDelete) && r.URL.Path != "/api/login" {
+ if (r.Method == http.MethodPost || r.Method == http.MethodPut || r.Method == http.MethodDelete) && r.URL.Path != "/api/login" && r.URL.Path != "/login/" {
headerToken := r.Header.Get("X-CSRF-Token")
if headerToken == "" || headerToken != token {
http.Error(w, "CSRF token mismatch", http.StatusForbidden)
generated by cgit v1.2.3 (git 2.25.1) at 2026-02-25 14:50:37 +0000