Andreas/siyuan
1
0
Fork 0
mirror of https://github.com/siyuan-note/siyuan.git synced 2025-12-18 15:40:12 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

🎨 Authenticate requests with the Origin header other than 127.0.0.1 https://github.com/siyuan-note/siyuan/issues/9180

Browse source
This commit is contained in:
Daniel 2023-09-17 20:45:21 +08:00
parent 5e21b218b6
commit 0e7dcc0ea1
No known key found for this signature in database
GPG key ID: 86211BA83DF03017
1 changed files with 15 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

13
kernel/model/session.go
View file

@ -165,14 +165,23 @@ func CheckAuth(c *gin.Context) {
u, parseErr := url.Parse(origin) u, parseErr := url.Parse(origin)
if nil != parseErr { if nil != parseErr {
logging.LogWarnf("parse origin [%s] failed: %s", origin, parseErr) logging.LogWarnf("parse origin [%s] failed: %s", origin, parseErr)
} else { c.JSON(401, map[string]interface{}{"code": -1, "msg": "Auth failed"})
c.Abort()
return
}
if "chrome-extension" == strings.ToLower(u.Scheme) {
c.Next()
return
}
if !strings.HasPrefix(u.Host, util.LocalHost) && !strings.HasPrefix(u.Host, "[::1]") { if !strings.HasPrefix(u.Host, util.LocalHost) && !strings.HasPrefix(u.Host, "[::1]") {
c.JSON(401, map[string]interface{}{"code": -1, "msg": "Auth failed"}) c.JSON(401, map[string]interface{}{"code": -1, "msg": "Auth failed"})
c.Abort() c.Abort()
return return
} }
} }
}
c.Next() c.Next()
return return