opensource/kubo
1
0
Fork 0
mirror of https://github.com/ipfs/kubo.git synced 2025-07-01 02:30:39 +08:00
Code Issues Projects Releases Wiki Activity

cmds/http: remove referrer check

Browse Source 
it used to be here for a CSRF check. but we now have CORS checks.

License: MIT
Signed-off-by: Juan Batiz-Benet <juan@benet.ai>
This commit is contained in:
Juan Batiz-Benet
2015-07-28 07:20:05 -07:00
parent 7cf5e87cfe
commit c633e2b575
1 changed files with 0 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
commands/http/handler.go
View File

@ -102,20 +102,6 @@ func (i Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
func (i internalHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
log.Debug("Incoming API request: ", r.URL)
// error on external referers (to prevent CSRF attacks)
referer := r.Referer()
scheme := r.URL.Scheme
if len(scheme) == 0 {
scheme = "http"
}
host := fmt.Sprintf("%s://%s/", scheme, r.Host)
// empty string means the user isn't following a link (they are directly typing in the url)
if referer != "" && !strings.HasPrefix(referer, host) {
w.WriteHeader(http.StatusForbidden)
w.Write([]byte("403 - Forbidden"))
return
}
req, err := Parse(r, i.root)
if err != nil {
if err == ErrNotFound {