Merge e704d63cd6 into 49cdf0c42e

2025-06-20 15:32:01 -04:00 · 2025-06-20 15:32:01 -04:00 · b15ba0f6cd
parent 49cdf0c42e e704d63cd6
commit b15ba0f6cd
1 changed files with 8 additions and 3 deletions
--- a/src/net/http/csrf.go
+++ b/src/net/http/csrf.go
@ -136,7 +136,7 @@ func (c *CrossOriginProtection) Check(req *Request) error {
 		if c.isRequestExempt(req) {
 			return nil
 		}
-		return errors.New("cross-origin request detected from Sec-Fetch-Site header")
+		return errCrossOriginRequest
 	}

 	origin := req.Header.Get("Origin")
@ -159,10 +159,15 @@ func (c *CrossOriginProtection) Check(req *Request) error {
 	if c.isRequestExempt(req) {
 		return nil
 	}
-	return errors.New("cross-origin request detected, and/or browser is out of date: " +
-		"Sec-Fetch-Site is missing, and Origin does not match Host")
+	return errCrossOriginRequestFromOldBrowser
 }

+var (
+	errCrossOriginRequest               = errors.New("cross-origin request detected from Sec-Fetch-Site header")
+	errCrossOriginRequestFromOldBrowser = errors.New("cross-origin request detected, and/or browser is out of date: " +
+		"Sec-Fetch-Site is missing, and Origin does not match Host")
+)
+
 // isRequestExempt checks the bypasses which require taking a lock, and should
 // be deferred until the last moment.
 func (c *CrossOriginProtection) isRequestExempt(req *Request) bool {