Skip to content

Commit 7760ff1

Browse files
EmyrkEmyrk
committed
external auth is just get requests
1 parent 8b3da6e commit 7760ff1

File tree

1 file changed

+1
-4
lines changed

1 file changed

+1
-4
lines changed

coderd/httpmw/csrf.go

Lines changed: 1 addition & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -20,7 +20,7 @@ func CSRF(secureCookie bool) func(next http.Handler) http.Handler {
2020
http.Error(w, "Something is wrong with your CSRF token. Please refresh the page. If this error persists, try clearing your cookies.", http.StatusBadRequest)
2121
}))
2222
// Exempt all requests that do not require CSRF protection.
23-
// All GET requests are exempt by default and no not need to be added here.
23+
// All GET requests are exempt by default.
2424
mw.ExemptPath("/api/v2/csp/reports")
2525

2626
// Top level agent routes.
@@ -29,9 +29,6 @@ func CSRF(secureCookie bool) func(next http.Handler) http.Handler {
2929
mw.ExemptRegexp(regexp.MustCompile("api/v2/workspaceagents/me/*"))
3030
// Derp routes
3131
mw.ExemptRegexp(regexp.MustCompile("derp/*"))
32-
// Some extra non-auth
33-
mw.ExemptRegexp(regexp.MustCompile("/externa-auth/*"))
34-
mw.ExemptRegexp(regexp.MustCompile("/github/*"))
3532

3633
mw.ExemptFunc(func(r *http.Request) bool {
3734
// CSRF only affects requests that automatically attach credentials via a cookie.

0 commit comments

Comments
 (0)