authorGravatar Frédéric Guillot <fred@miniflux.net> 2020-08-09 13:16:57 -0700
committerGravatar Frédéric Guillot <fred@miniflux.net> 2020-08-09 13:16:57 -0700
commiteaf1fc896fbbd87bbea1687aa665fc054ee2f5a0 (patch)
treef918b46aed20394c79e74ec91f13af4007520ded
parente97ebfd8c2095661b61d8586120547ddcebb156a (diff)
Redirect to login page if CSRF token is expired
This will force the form to be populated with a valid token.
-rw-r--r--ui/middleware.go6
1 files changed, 6 insertions, 0 deletions
diff --git a/ui/middleware.go b/ui/middleware.go
index a7707ae1..0db46703 100644
--- a/ui/middleware.go
+++ b/ui/middleware.go
@@ -89,6 +89,12 @@ func (m *middleware) handleAppSession(next http.Handler) http.Handler {
if session.Data.CSRF != formValue && session.Data.CSRF != headerValue {
logger.Error(`[UI:AppSession] Invalid or missing CSRF token: Form="%s", Header="%s"`, formValue, headerValue)
+
+ if mux.CurrentRoute(r).GetName() == "checkLogin" {
+ html.Redirect(w, r, route.Path(m.router, "login"))
+ return
+ }
+
html.BadRequest(w, r, errors.New("Invalid or missing CSRF"))
return
}
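Review bot: The new branch at L26–L29 turns a stale token on the login form into a routine event, yet the `logger.Error` on L24 still fires first, so every expired-session login attempt now produces the same error line as a genuine CSRF rejection and real attempts on other routes get buried in that noise; move the route check above the log call (or log the login case at a lower level, if the logger package offers one) so the error line stays a signal. The branch also deserves a comment stating what it relies on, since the redirect is only safe because the POST body is discarded unprocessed: `// Stale login form (app session rotated after the page was rendered): drop this POST without checking credentials and re-render the form so it carries the current session's token.` Depending on how this middleware is wired, `mux.CurrentRoute(r)` can return nil for an unmatched request and the chained `.GetName()` would then panic; a guard such as `if cur := mux.CurrentRoute(r); cur != nil && cur.GetName() == "checkLogin" {` costs nothing. The redirect target comes from `route.Path(m.router, "login")` rather than request data, so there is no open-redirect concern here. The enclosing `handleAppSession` starts and ends outside the hunk.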