From 9b724725b3defd83951ec616fec1ef6f1295856a Mon Sep 17 00:00:00 2001
From: andreimarcu
Date: Wed, 14 Oct 2015 20:35:43 -0400
Subject: [PATCH] Blank referrers are allowed
---
csrf.go | 5 +++++
templates/400.html | 4 +++-
templates/401.html | 4 +++-
3 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/csrf.go b/csrf.go
index 9b8b93e..03b11b3 100644
--- a/csrf.go
+++ b/csrf.go
@@ -24,6 +24,11 @@ func strictReferrerCheck(r *http.Request, prefix string, whitelistHeaders []stri } referrer := r.Header.Get("Referer") + + if referrer == "" { + return true + } + + u, _ := url.Parse(referrer) return sameOrigin(u, p) }
diff --git a/templates/400.html b/templates/400.html
index 11f3e87..b1d40af 100644
--- a/templates/400.html
+++ b/templates/400.html
@@ -1,5 +1,7 @@ {% extends "base.html" %} {% block content %}
-400 Bad Request
+
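Review bot: Returning `true` when `referrer == ""` makes `strictReferrerCheck` accept every request that arrives without a Referer header, and since browsers can be told to omit that header (referrer policy, privacy tooling), the check stops separating same-origin from cross-origin callers exactly in that case. If clients without a Referer must be supported, the empty path should fall back to another origin signal before allowing the request, for example comparing the `Origin` header against `p` and rejecting when both are absent; whether the `whitelistHeaders` handling above the hunk already covers this cannot be seen from here. Separately, `u, _ := url.Parse(referrer)` discards the parse error, so a malformed Referer may reach `sameOrigin` with a nil `u`; `u, err := url.Parse(referrer)` followed by `if err != nil { return false }` would fail closed. The function body starts outside the hunk.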
+ 400 Bad Request
+
{% endblock %}
diff --git a/templates/401.html b/templates/401.html
index d643b62..9fc5692 100644
--- a/templates/401.html
+++ b/templates/401.html
@@ -1,5 +1,7 @@ {% extends "base.html" %} {% block content %}
-401 Unauthorized
+
+ 401 Unauthorized
+
{% endblock %}