add comment

Emyrk · Emyrk · commit 388e56e5856f · 2024-01-08T10:20:44.000-06:00
diff --git a/coderd/httpmw/csrf.go b/coderd/httpmw/csrf.go
@@ -45,6 +45,7 @@ func CSRF(secureCookie bool) func(next http.Handler) http.Handler {
 		mw.ExemptRegexp(regexp.MustCompile("/organizations/[^/]+/provisionerdaemons/*"))
 
 		mw.ExemptFunc(func(r *http.Request) bool {
+			// Only enforce CSRF on API routes.
 			if !strings.HasPrefix(r.URL.Path, "/api") {
 				return true
 			}

Original file line number	Diff line number	Diff line change
`@@ -45,6 +45,7 @@ func CSRF(secureCookie bool) func(next http.Handler) http.Handler {`
`45`	`45`	`mw.ExemptRegexp(regexp.MustCompile("/organizations/[^/]+/provisionerdaemons/*"))`
`46`	`46`
`47`	`47`	`mw.ExemptFunc(func(r *http.Request) bool {`
	`48`	`+ // Only enforce CSRF on API routes.`
`48`	`49`	`if !strings.HasPrefix(r.URL.Path, "/api") {`
`49`	`50`	`return true`
`50`	`51`	`}`