From 113498b4bf2d4f452fb367f7db2e0944d2020b5d Mon Sep 17 00:00:00 2001
From: f
Date: Thu, 29 Jul 2021 10:55:53 -0300
Subject: [PATCH] Usar el referer como fallback
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Mucha gente no puede enviar el formulario de contacto porque su navegador no envĂ­a el Origin, con esto al menos podemos recuperarlo del Referer.
---
 app/controllers/api/v1/protected_controller.rb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/app/controllers/api/v1/protected_controller.rb b/app/controllers/api/v1/protected_controller.rb
index 4e49f3a..5a14bb2 100644
--- a/app/controllers/api/v1/protected_controller.rb
+++ b/app/controllers/api/v1/protected_controller.rb
@@ -85,7 +85,9 @@ module Api
       # XXX: Este header se puede falsificar de todas formas pero al
       # menos es una trampa.
       def site_is_origin?
-        return if origin? && site.urls(slash: false).any? { |u| origin.to_s.start_with? u }
+        return if site.urls(slash: false).any? do |u|
+          (origin || origin_from_referer).to_s.start_with? u
+        end
 
         @reason = 'site_is_not_origin'
         render plain: Rails.env.production? ? nil : @reason, status: :precondition_required
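Review bot: The new condition still accepts any value that merely begins with one of the site URLs, so with `site.urls(slash: false)` yielding `https://example.org` (constructed example) an Origin or Referer of `https://example.org.attacker.example` also passes, and the Referer fallback makes this easier to hit because a Referer carries a path and the bare prefix test is the only thing separating the host from whatever follows it. Match the Origin exactly and require a `/` right after the site URL for the Referer-derived value, e.g. `o = (origin || origin_from_referer).to_s` and `o == u || o.start_with?("#{u}/")`. `origin_from_referer` is not defined in this hunk; presumably it already exists elsewhere in the controller, since the diffstat adds only these three lines. Braces rather than `do`/`end` are the usual form for a block whose value is consumed by the `if` modifier and would remove any doubt about which call the block binds to. The method's closing `end` lies outside the hunk.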