Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

reload protector should defer deletion of cookie. #447

Open
komuw opened this issue May 26, 2024 · 2 comments
Open

reload protector should defer deletion of cookie. #447

komuw opened this issue May 26, 2024 · 2 comments

Comments

@komuw
Copy link
Owner

komuw commented May 26, 2024

func reloadProtector(wrappedHandler http.Handler, domain string) http.HandlerFunc {
safeMethods := []string{
// safe methods under rfc7231: https://datatracker.ietf.org/doc/html/rfc7231#section-4.2.1
http.MethodGet,
http.MethodHead,
http.MethodOptions,
http.MethodTrace,
}
return func(w http.ResponseWriter, r *http.Request) {
// It is possible for one to send a form without having added the requiste form http header.
if !slices.Contains(safeMethods, r.Method) {

		defer func() {
			cookie.Delete(
				w,
				theCookie,
				o.Domain,
			)
		}()

There's a bug where all second legitimate submissions of from fail

@komuw
Copy link
Owner Author

komuw commented May 27, 2024

I don't think there's a bug. I had a html form like;

<form>
<button id="resetButton">Reset</button>
</form>

And everytime I would press the button it would submit an empty form, which I would presume to be a bug in ong.
But what I needed is;

<button id="resetButton" type="button">Reset purchase</button>
<!-- Make sure the button has a type==button so that it doesn't submit which is the default action for butoons. -->

@komuw komuw closed this as completed May 27, 2024
@komuw komuw reopened this Jun 6, 2024
@komuw
Copy link
Owner Author

komuw commented Jun 6, 2024

komuw added a commit that referenced this issue Jun 6, 2024
That middleware is not working as intended. This PR mitigates until we can implement a proper fix.

- Updates: #447
- https://en.wikipedia.org/wiki/Post/Redirect/Get
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant