removed csrf

Azure · Jul 4, 2023 · b7e1764 · b7e1764
1 parent a5808b7
commit b7e1764
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/pkg/portal/portal.go b/pkg/portal/portal.go
@@ -164,6 +164,7 @@ func (p *portal) setupRouter(kconfig *kubeconfig.Kubeconfig, prom *prometheus.Pr
 	// we get the env var from within the function because it is not meant to be configurable
 	disableOauthOption := os.Getenv("DISABLE_OAUTH")
 	if disableOauthOption == "true" || env.IsLocalDevelopmentMode() || env.IsCI() {
+		p.log.Error("running in int")
 		p.aad, err = middleware.NewIntAAD(p.sessionKey, p.audit)
 	} else {
 		p.aad, err = middleware.NewAAD(p.log, p.audit, p.env, p.baseAccessLog, p.hostname, p.sessionKey, p.clientID, p.clientKey, p.clientCerts, allGroups,
@@ -177,7 +178,6 @@ func (p *portal) setupRouter(kconfig *kubeconfig.Kubeconfig, prom *prometheus.Pr
 	aadAuthenticatedRouter := r.NewRoute().Subrouter()
 	aadAuthenticatedRouter.Use(p.aad.AAD)
 	aadAuthenticatedRouter.Use(middleware.Log(p.env, p.audit, p.baseAccessLog))
-	aadAuthenticatedRouter.Use(csrf.Protect(p.sessionKey, csrf.SameSite(csrf.SameSiteStrictMode), csrf.MaxAge(0), csrf.Path("/")))
 
 	p.aadAuthenticatedRoutes(aadAuthenticatedRouter, prom, kconfig, sshStruct)