fixup! security: restrict the setting of CORS headers to inv.nadeko.net related domains
All checks were successful
CI / build (push) Successful in 4m31s
All checks were successful
CI / build (push) Successful in 4m31s
This commit is contained in:
parent
939f4da3f7
commit
848ad555f7
GPG key ID:
32C1DDF333EDA6A4
1 changed files with 1 additions and 1 deletions
2
main.go
2
main.go
|
|
@ -330,7 +330,7 @@ func beforeProxy(next http.HandlerFunc) http.HandlerFunc {
|
|||
// Only allow requests from origin inv.nadeko.net
|
||||
// Why? Because I don't want anyone to use this proxy for their own purposes.
|
||||
// Hardcoded because I'm lazy lol!
|
||||
origin := req.URL.Query().Get("Origin")
|
||||
origin := req.Header.Get("Origin")
|
||||
if origin == "https://inv.nadeko.net" || origin == "https://materialious.nadeko.net" {
|
||||
w.Header().Set("Access-Control-Allow-Origin", "*")
|
||||
w.Header().Set("Access-Control-Allow-Headers", "*")
|
||||
|
|
|
|||
Loading…
Reference in a new issue