Enforce domain, host header validation against domain setting, Refactoring of PR #1866, Closes #1732

2025-07-30 21:53:00 +08:00 · 2015-05-05 11:21:06 +02:00
parent 1f2cba81eb
commit 34539c0c13
7 changed files with 39 additions and 11 deletions
--- a/pkg/middleware/middleware.go
+++ b/pkg/middleware/middleware.go
@ -34,16 +34,6 @@ func GetContextHandler() macaron.Handler {
 			AllowAnonymous: false,
 		}

-		h := ctx.Req.Host
-		if i := strings.Index(h, ":"); i >= 0 {
-			h = h[:i]
-		}
-
-		if !strings.EqualFold(h, setting.Domain) {
-			ctx.Redirect(strings.TrimSuffix(setting.AppUrl, "/")+ctx.Req.RequestURI, 301)
-			return
-		}
-
 		// the order in which these are tested are important
 		// look for api key in Authorization header first
 		// then init session and look for userId in session