barbercollie/tinyauth
1
0
Fork 1
mirror of https://github.com/steveiliop56/tinyauth.git synced 2025-10-28 12:45:47 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: expire csrf cookie if it's invalid

Browse Source
This commit is contained in:
Stavros
2025-09-02 18:38:11 +03:00
parent ad4fc7ef5f
commit 9ce16c9652
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
internal/controller/oauth_controller.go
View File

@@ -108,6 +108,7 @@ func (controller *OAuthController) oauthCallbackHandler(c *gin.Context) {
if err != nil || state != csrfCookie {
log.Warn().Err(err).Msg("CSRF token mismatch or cookie missing")
c.SetCookie(controller.config.CSRFCookieName, "", -1, "/", fmt.Sprintf(".%s", controller.config.RootDomain), controller.config.SecureCookie, true)
c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.config.AppURL))
return
}