Diffstat (limited to 'src')
-rw-r--r--src/net/http/csrf.go11
1 files changed, 8 insertions, 3 deletions
diff --git a/src/net/http/csrf.go b/src/net/http/csrf.go
index 8812a508ae..5e1b686fd1 100644
--- a/src/net/http/csrf.go
+++ b/src/net/http/csrf.go
@@ -136,7 +136,7 @@ func (c *CrossOriginProtection) Check(req *Request) error {
if c.isRequestExempt(req) {
return nil
}
- return errors.New("cross-origin request detected from Sec-Fetch-Site header")
+ return errCrossOriginRequest
}
origin := req.Header.Get("Origin")
@@ -159,10 +159,15 @@ func (c *CrossOriginProtection) Check(req *Request) error {
if c.isRequestExempt(req) {
return nil
}
- return errors.New("cross-origin request detected, and/or browser is out of date: " +
- "Sec-Fetch-Site is missing, and Origin does not match Host")
+ return errCrossOriginRequestFromOldBrowser
}
+var (
+ errCrossOriginRequest = errors.New("cross-origin request detected from Sec-Fetch-Site header")
+ errCrossOriginRequestFromOldBrowser = errors.New("cross-origin request detected, and/or browser is out of date: " +
+ "Sec-Fetch-Site is missing, and Origin does not match Host")
+)
+
// isRequestExempt checks the bypasses which require taking a lock, and should
// be deferred until the last moment.
func (c *CrossOriginProtection) isRequestExempt(req *Request) bool {
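Review bot: The new `var` block declares `errCrossOriginRequest` and `errCrossOriginRequestFromOldBrowser` with no comment saying when `Check` returns each one; this also applies to the `return errCrossOriginRequest` in the first hunk. I would add something like `// errCrossOriginRequest is returned by Check when Sec-Fetch-Site reports a cross-origin request;` `// errCrossOriginRequestFromOldBrowser when Sec-Fetch-Site is missing and Origin does not match Host.` above the block. Both values are unexported, so code outside net/http that logs or counts rejected requests cannot separate the two cases with `errors.Is` and would have to compare message text. If that distinction is meant to be usable for monitoring, the comment should say whether the strings are stable. `Check` begins above the hunk and `isRequestExempt` continues below it, so this is based only on the visible lines.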