func CheckXSRF()

in util/util.go [123:143]


// CheckXSRF enforces a double-submit XSRF check on the given request: the
// value of the "_xsrf" cookie must be echoed in the "X-XSRFToken" header.
//
// GET and HEAD requests are exempt and always pass, so handlers reached with
// those methods must not perform state changes.
//
// It returns nil when the request passes. Every failure carries
// HTTPError(http.StatusForbidden): wrapped with a message when the cookie or
// the header is missing or empty, and returned bare when the two values differ.
//
// NOTE(review): the token comparison below is a plain string comparison, not a
// constant-time one; crypto/subtle.ConstantTimeCompare would be the hardened
// form — confirm whether that matters for this deployment.
// NOTE(review): a double-submit check only holds if nothing outside this
// application can set or overwrite the "_xsrf" cookie — verify how the cookie
// is issued and scoped.
func CheckXSRF(r *http.Request) error {
	switch r.Method {
	case http.MethodGet, http.MethodHead:
		// Only requests that can have side effects need the XSRF token.
		return nil
	}

	// A lookup error, a nil cookie and an empty value are all reported as the
	// same "missing cookie" failure.
	cookie, cookieErr := r.Cookie("_xsrf")
	if cookieErr != nil || cookie == nil || cookie.Value == "" {
		return fmt.Errorf("%w: Missing the '_xsrf' cookie for a request", HTTPError(http.StatusForbidden))
	}

	token := r.Header.Get("X-XSRFToken")
	switch {
	case token == "":
		return fmt.Errorf("%w: Missing the 'X-XSRFToken' header for a request", HTTPError(http.StatusForbidden))
	case token != cookie.Value:
		// Mismatch: deliberately no detail beyond the status code.
		return HTTPError(http.StatusForbidden)
	}
	return nil
}