Returned CSRF token with profile for ease of use by frontend and remo…

…ved cdnjs.cloudflare.com from default CDN whitelist
JonCooperWorks · Jul 13, 2020 · a2276ce · a2276ce
1 parent 4cbde23
commit a2276ce
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 5 deletions.
diff --git a/cmd/wireguardhttps.go b/cmd/wireguardhttps.go
@@ -144,9 +144,9 @@ func main() {
 						Required: true,
 					},
 					&cli.StringSliceFlag{
-						Name:  "allowed-cdn",
-						Usage: "whitelisted CDNs for the CSP",
-						Value: cli.NewStringSlice("cdnjs.cloudflare.com"),
+						Name:     "allowed-cdn",
+						Usage:    "whitelisted CDNs for the CSP",
+						Required: false,
 					},
 				},
 				Action: actionServe,

diff --git a/handlers.go b/handlers.go
@@ -10,6 +10,7 @@ import (
 	"strconv"
 
 	"github.com/gin-gonic/gin"
+	"github.com/gorilla/csrf"
 	"github.com/joncooperworks/wgrpcd"
 	"github.com/markbates/goth/gothic"
 	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
@@ -244,6 +245,7 @@ func (wh *WireguardHandlers) ListUserDevicesHandler(c *gin.Context) {
 
 func (wh *WireguardHandlers) UserProfileInfoHandler(c *gin.Context) {
 	user := wh.user(c)
+	c.Header("X-CSRF-Token", csrf.Token(c.Request))
 	c.JSON(http.StatusOK, user)
 }
 

diff --git a/middleware.go b/middleware.go
@@ -5,7 +5,6 @@ import (
 	"net/http"
 
 	"github.com/gin-gonic/gin"
-	"github.com/gorilla/csrf"
 	"github.com/gorilla/sessions"
 	"github.com/markbates/goth"
 	"github.com/markbates/goth/gothic"
@@ -48,7 +47,6 @@ func AuthenticationRequiredMiddleware(store sessions.Store, sessionName string)
 		}
 
 		c.Set("user", user)
-		c.Header("X-CSRF-Token", csrf.Token(c.Request))
 		c.Next()
 	}
 }