5
0
Fork 0
mirror of https://0xacab.org/sutty/sutty synced 2024-11-22 20:46:21 +00:00

algunos navegadores no envían origin

This commit is contained in:
f 2020-09-28 18:46:55 -03:00
parent aae96ede6f
commit 91a87405bc
2 changed files with 6 additions and 1 deletions

View file

@ -26,6 +26,11 @@ module Api
def origin
request.headers['Origin']
end
# Los navegadores antiguos no envían Origin
def origin?
!origin.blank?
end
end
end
end

View file

@ -85,7 +85,7 @@ module Api
# XXX: Este header se puede falsificar de todas formas pero al
# menos es una trampa.
def site_is_origin?
return if site.urls(slash: false).any? { |u| origin.to_s.start_with? u }
return if origin? && site.urls(slash: false).any? { |u| origin.to_s.start_with? u }
@reason = 'site_is_not_origin'
head :precondition_required