short-circuit on origin header
If the Origin header is present, we can check it and skip the other
checks.
mutantmonkey committed Oct 12, 2015
1 parent 0a1aa86 commit a3723d3
Showing 1 changed file with 3 additions and 2 deletions.
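--- a/csrf.go
+++ b/csrf.go
@@ -7,8 +7,9 @@ import (
 
 func strictReferrerCheck(r *http.Request, prefix string, whitelistHeaders []string) bool {
 p := strings.TrimSuffix(prefix, "/")
-if origin := r.Header.Get("Origin"); origin != "" && !strings.HasPrefix(origin, p) {
-return false
+if origin := r.Header.Get("Origin"); origin != "" {
+// if there's an Origin header, check it and ignore the rest
+return strings.HasPrefix(origin, p)
 }
 
 for _, header := range whitelistHeaders {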
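Review bot: The new early return makes `strings.HasPrefix(origin, p)` the sole decision whenever an Origin header is present, and a prefix match is not an origin match: any origin whose string merely begins with the configured prefix, such as a longer hostname, is accepted and the header checks below are never reached. Before this change a passing Origin still fell through to the loop over whitelistHeaders, whose body lies outside the hunk, so what those checks enforce is not visible here. If `prefix` is always a bare scheme://host[:port], compare exactly with `return origin == p`; if it may carry a path, parse it once and compare scheme and host against the parsed Origin instead. The inline comment could also say that the whitelistHeaders checks are deliberately skipped in this branch.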
