Redirect to login page if CSRF token is expired

This will force the form to be populated with a valid token.
2020-08-09 13:16:57 -07:00 · 2020-08-09 13:16:57 -07:00 · eaf1fc896f
commit eaf1fc896f
parent e97ebfd8c2
1 changed files with 6 additions and 0 deletions
--- a/ui/middleware.go
+++ b/ui/middleware.go
@ -89,6 +89,12 @@ func (m *middleware) handleAppSession(next http.Handler) http.Handler {

 			if session.Data.CSRF != formValue && session.Data.CSRF != headerValue {
 				logger.Error(`[UI:AppSession] Invalid or missing CSRF token: Form="%s", Header="%s"`, formValue, headerValue)
+
+				if mux.CurrentRoute(r).GetName() == "checkLogin" {
+					html.Redirect(w, r, route.Path(m.router, "login"))
+					return
+				}
+
 				html.BadRequest(w, r, errors.New("Invalid or missing CSRF"))
 				return
 			}