Add CSRF protection to state-changing POST endpoints (closes #11) #16

Merged

sneak merged 2 commits from :fix/issue-11 into main

2026-02-16 05:53:38 +01:00

Author	SHA1	Message	Date
Jeffrey Paul	4247162d30	Merge branch 'main' into fix/issue-11	2026-02-16 05:51:25 +01:00
clawbot	b1dc8fcc4e	Add CSRF protection to state-changing POST endpoints Add gorilla/csrf middleware to protect all HTML-serving routes against cross-site request forgery attacks. The webhook endpoint is excluded since it uses secret-based authentication. Changes: - Add gorilla/csrf v1.7.3 dependency - Add CSRF() middleware method using session secret as key - Apply CSRF middleware to all HTML route groups in routes.go - Pass CSRF token to all templates via addGlobals helper - Add {{ .CSRFField }} / {{ $.CSRFField }} hidden inputs to all forms Closes #11	2026-02-15 14:17:55 -08:00

Author

SHA1

Message

Date

Jeffrey Paul

4247162d30

Merge branch 'main' into fix/issue-11

2026-02-16 05:51:25 +01:00

clawbot

b1dc8fcc4e

Add CSRF protection to state-changing POST endpoints

Add gorilla/csrf middleware to protect all HTML-serving routes against
cross-site request forgery attacks. The webhook endpoint is excluded
since it uses secret-based authentication.

Changes:
- Add gorilla/csrf v1.7.3 dependency
- Add CSRF() middleware method using session secret as key
- Apply CSRF middleware to all HTML route groups in routes.go
- Pass CSRF token to all templates via addGlobals helper
- Add {{ .CSRFField }} / {{ $.CSRFField }} hidden inputs to all forms

Closes #11

2026-02-15 14:17:55 -08:00

Add CSRF protection to state-changing POST endpoints (closes #11) #16

2 Commits