Mirrored_Repos/invidious
1
0
Fork 0
mirror of https://github.com/iv-org/invidious.git synced 2024-11-10 10:18:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

Revert "Add header check for CSRF"

Browse Source 
This reverts commit a749ac73ac.
This commit is contained in:
Omar Roth 2018-09-05 21:45:14 -05:00
parent 4f91854bd3
commit e590d39aa9
1 changed files with 0 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
src/invidious.cr
View File

@ -106,21 +106,6 @@ spawn do
end end
before_all do |env| before_all do |env|
env.response.headers["X-XSS-Protection"] = "1; mode=block;"
env.response.headers["X-Content-Type-Options"] = "nosniff"
# CSRF
if Kemal.config.ssl || CONFIG.https_only
host = env.request.headers["Host"]?
if (env.request.headers["Origin"]?.try &.== host) ||
(env.request.headers["Referer"]?.try &.== host)
# All good!
else
halt env, status_code: 403, response: "Failed CSRF check"
end
end
if env.request.cookies.has_key? "SID" if env.request.cookies.has_key? "SID"
headers = HTTP::Headers.new headers = HTTP::Headers.new
headers["Cookie"] = env.request.headers["Cookie"] headers["Cookie"] = env.request.headers["Cookie"]