feat: Disable CSRF check for "/c/oidc/onboard" API for authenticating…

… and Onboarding a User via API from Custom CLI Closes #16966 Fixes #16966 Signed-off-by: Pratik Raj <rajpratik71@gmail.com>
goharbor · Jun 9, 2022 · 0573f59 · 0573f59
1 parent b8a71ac
commit 0573f59
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/src/server/middleware/csrf/csrf.go b/src/server/middleware/csrf/csrf.go
@@ -75,6 +75,7 @@ func csrfSkipper(req *http.Request) bool {
 	if (strings.HasPrefix(path, "/v2/") ||
 		strings.HasPrefix(path, "/api/") ||
 		strings.HasPrefix(path, "/chartrepo/") ||
+		strings.HasPrefix(path, "/c/oidc/onboard") ||
 		strings.HasPrefix(path, "/service/")) && !lib.GetCarrySession(req.Context()) {
 		return true
 	}