algunos navegadores no envían origin

2024-11-14 23:01:41 +00:00 · 2020-09-28 18:46:55 -03:00 · 2020-09-28 18:46:55 -03:00 · 91a87405bc
commit 91a87405bc
parent aae96ede6f
2 changed files with 6 additions and 1 deletions
--- a/app/controllers/api/v1/base_controller.rb
+++ b/app/controllers/api/v1/base_controller.rb
@ -26,6 +26,11 @@ module Api
      def origin
        request.headers['Origin']
      end
+
+      # Los navegadores antiguos no envían Origin
+      def origin?
+        !origin.blank?
+      end
    end
  end
 end
--- a/app/controllers/api/v1/protected_controller.rb
+++ b/app/controllers/api/v1/protected_controller.rb
@ -85,7 +85,7 @@ module Api
      # XXX: Este header se puede falsificar de todas formas pero al
      # menos es una trampa.
      def site_is_origin?
-        return if site.urls(slash: false).any? { |u| origin.to_s.start_with? u }
+        return if origin? && site.urls(slash: false).any? { |u| origin.to_s.start_with? u }

        @reason = 'site_is_not_origin'
        head :precondition_required