fix: disable cookie auth for non GET requests

2022-07-19 00:39:02 +02:00
parent cb43770025
commit 80030dee32
1 changed files with 5 additions and 3 deletions
--- a/http/auth.go
+++ b/http/auth.go
@@ -53,9 +53,11 @@ func (e extractor) ExtractToken(r *http.Request) (string, error) {
 		return auth, nil
 	}

-	cookie, _ := r.Cookie("auth")
-	if cookie != nil && strings.Count(cookie.Value, ".") == 2 {
-		return cookie.Value, nil
+	if r.Method == http.MethodGet {
+		cookie, _ := r.Cookie("auth")
+		if cookie != nil && strings.Count(cookie.Value, ".") == 2 {
+			return cookie.Value, nil
+		}
 	}

 	return "", request.ErrNoTokenInRequest