Thu, 22 Jun 2023 21:31:56 +0100
http: Add some helpful comments regarding auth/CSRF
src/http.lua
--- a/src/http.lua Thu Jun 22 21:31:36 2023 +0100 +++ b/src/http.lua Thu Jun 22 21:31:56 2023 +0100 @@ -17,12 +17,14 @@ local csrf_token_len = #uuid.generate(); +-- Add a CSRF token to the view data and cookie (for verification on next request) local function check_csrf(event, viewdata) local request, response = event.request, event.response; web.unpack_cookies(request); local csrf_token = request.cookies.csrf_token; log("debug", "csrf_token=%s", tostring(csrf_token)); if csrf_token and #csrf_token == csrf_token_len then + -- We already have a CSRF token cookie viewdata.csrf_token = csrf_token; else csrf_token = uuid.generate();
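Review bot: The new comment on the `if` branch should record that the cookie value is client-supplied and that only its length is compared with `csrf_token_len` before it is copied into `viewdata`; something like `-- Reuse the client's cookie value; only its length is validated here` makes that trust decision visible to the next reader. The unchanged `log("debug", "csrf_token=%s", ...)` line just above it writes the token itself to the debug log, and logging only its presence, e.g. `log("debug", "csrf_token present: %s", tostring(csrf_token ~= nil));`, would keep the value out of log files. The header comment describes issuing a token while the function is named `check_csrf`; if the comparison against the submitted form value happens elsewhere, naming that place in the comment would help. The function body continues past the end of the hunk, so the rest of the `else` branch is not visible here.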