Cleanup
parent
3c659601e2
commit
9847beeff5
6
csrf.go
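--- a/csrf.go
+++ b/csrf.go
@@ -8,7 +8,7 @@ import (
 // Do a strict referrer check, matching against both the Origin header (if
 // present) and the Referrer header. If a list of headers is specified, then
 // Referrer checking will be skipped if any of those headers are present.
-func strictReferrerCheck(r *http.Request, prefix string, whitelistHeaders []string, allowBlank bool) bool {
+func strictReferrerCheck(r *http.Request, prefix string, whitelistHeaders []string) bool {
 p, _ := url.Parse(prefix)
 
 // if there's an Origin header, check it and skip other checks
@@ -25,10 +25,6 @@ func strictReferrerCheck(r *http.Request, prefix string, whitelistHeaders []stri
 
 referrer := r.Header.Get("Referer")
 
-if allowBlank && referrer == "" {
-return true
-}
-
 u, _ := url.Parse(referrer)
 return sameOrigin(u, p)
 }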
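Review bot: In the second hunk, `u, _ := url.Parse(referrer)` still discards the parse error, so a malformed Referer value reaches `sameOrigin(u, p)` as a nil `*url.URL`; `sameOrigin` is not shown on this page, so whether it tolerates nil cannot be confirmed. Since this function is the CSRF gate, it should fail closed on unparseable input: `u, err := url.Parse(referrer)` followed by `if err != nil { return false }`. The same holds for `p, _ := url.Parse(prefix)` in the first hunk, where a malformed configured site URL would otherwise pass unnoticed into every comparison. The part of strictReferrerCheck between the two hunks is not visible.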
@ -46,7 +46,7 @@ type Upload struct {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func uploadPostHandler(c web.C, w http.ResponseWriter, r *http.Request) {
|
func uploadPostHandler(c web.C, w http.ResponseWriter, r *http.Request) {
|
||||||
if !strictReferrerCheck(r, Config.siteURL, []string{"Linx-Delete-Key", "Linx-Expiry", "Linx-Randomize", "X-Requested-With"}, false) {
|
if !strictReferrerCheck(r, Config.siteURL, []string{"Linx-Delete-Key", "Linx-Expiry", "Linx-Randomize", "X-Requested-With"}) {
|
||||||
badRequestHandler(c, w, r)
|
badRequestHandler(c, w, r)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
@ -144,12 +144,6 @@ func uploadRemote(c web.C, w http.ResponseWriter, r *http.Request) {
|
|||||||
unauthorizedHandler(c, w, r)
|
unauthorizedHandler(c, w, r)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
} else {
|
|
||||||
// strict referrer checking is mandatory without remote auth keys
|
|
||||||
if !strictReferrerCheck(r, Config.siteURL, []string{"Linx-Delete-Key", "Linx-Expiry", "Linx-Randomize", "X-Requested-With"}, true) {
|
|
||||||
badRequestHandler(c, w, r)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if r.FormValue("url") == "" {
|
if r.FormValue("url") == "" {
|
||||||
|
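Review bot: The last hunk deletes the `else` branch that ran `strictReferrerCheck` in uploadRemote, and with it the only origin check visible on that path; the removed comment described that check as mandatory without remote auth keys. If the `if` that precedes it (outside the hunk) is the remote-auth-key test, a deployment without keys now accepts the `url` form value from any cross-site request, which a commit titled "Cleanup" does not signal. Either keep an origin check on that branch or record the decision in the code, for example `// no referrer check: remote upload without auth keys is intentionally reachable cross-site`. Re-adding the old call unchanged would reject blank Referer values now that `allowBlank` is gone, so the replacement check needs to account for that case explicitly. uploadRemote starts and ends outside the hunk.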