author | Yorhel <git@yorhel.nl> | 2019-11-19 16:48:07 +0100 |
---|---|---|
committer | Yorhel <git@yorhel.nl> | 2019-11-19 16:48:12 +0100 |
commit | e1da728d8124e249b46e054fb6a36686ff39c96e (patch) | |
tree | a2425d19a4996ca603c21d492a3af012a711a7c0 /lib | |
parent | aaafa389817a63d8d90dd37de8b845d34c2496d4 (diff) |
Increase CSRF token validity window to 12 hours
People leave their window open for a while, and that's fine.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/VNWeb/Auth.pm | 6 |
1 files changed, 2 insertions, 4 deletions
diff --git a/lib/VNWeb/Auth.pm b/lib/VNWeb/Auth.pm
index 9e26d123..56367397 100644
--- a/lib/VNWeb/Auth.pm
+++ b/lib/VNWeb/Auth.pm
@@ -262,12 +262,10 @@ sub csrftoken {
 # Returns 1 if the given CSRF token is still valid (meaning: created for this
-# user within the past 3 hours), 0 otherwise.
+# user within the past 12 hours), 0 otherwise.
 sub csrfcheck {
 my($self, $token) = @_;
- return 1 if $self->csrftoken( 0) eq $token;
- return 1 if $self->csrftoken(-1) eq $token;
- return 1 if $self->csrftoken(-2) eq $token;
+ $self->csrftoken($_) eq $token && return 1 for reverse -11..0;
 return 0;
 } |
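Review bot: The window size in `csrfcheck` now lives only in the literal `-11..0`, and the comment records the new duration but not the security trade-off of quadrupling it: a token that leaks stays accepted for up to 12 hours instead of 3. I would name the value, e.g. `my $CSRF_WINDOW_HOURS = 12;` used as `for reverse 1-$CSRF_WINDOW_HOURS..0`, and add a comment stating what the token is bound to and whether logout or a password change invalidates it; `csrftoken` is defined outside this hunk, so that cannot be confirmed from here. The per-candidate comparison also still uses `eq`, which is not constant-time; that predates this commit, but it is worth a `# NOTE` next to the loop.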