path: root/control/controlhttp/controlhttpserver/controlhttpserver.go
author Patrick O'Doherty <patrick@tailscale.com> 2025-02-27 11:58:45 -0800
committer GitHub <noreply@github.com> 2025-02-27 11:58:45 -0800
commit f5522e62d1dde2ea966f2454df248a8ea2d43676 (patch)
tree 39ec2793746b17012046d7abb0cb20e9015fab7f /control/controlhttp/controlhttpserver/controlhttpserver.go
parent ae303d41dd1850b4306848a5ada87ea8b14a088d (diff)
client/web: fix CSRF handler order in web UI (#15143)

Fix the order of the CSRF handlers (HTTP plaintext context setting, _then_ enforcement) in the construction of the web UI server. This resolves false-positive "invalid Origin" 403 exceptions when attempting to update settings in the web UI.

Add unit test to exercise the CSRF protection failure and success cases for our web UI configuration.

Updates #14822
Updates #14872

Signed-off-by: Patrick O'Doherty <patrick@tailscale.com>

Diffstat (limited to 'control/controlhttp/controlhttpserver/controlhttpserver.go')
0 files changed, 0 insertions, 0 deletions