Fijxu/http3-ytproxy
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

fixup! security: restrict the setting of CORS headers to inv.nadeko.net related domains
All checks were successful
CI / build (push) Successful in 4m31s
Details

Browse source
This commit is contained in:
Fijxu 2024-11-12 09:58:02 -03:00
parent 939f4da3f7
commit 848ad555f7
Signed by: Fijxu
GPG key ID: 32C1DDF333EDA6A4
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
main.go
View file

@ -330,7 +330,7 @@ func beforeProxy(next http.HandlerFunc) http.HandlerFunc {
// Only allow requests from origin inv.nadeko.net // Only allow requests from origin inv.nadeko.net
// Why? Because I don't want anyone to use this proxy for their own purposes. // Why? Because I don't want anyone to use this proxy for their own purposes.
// Hardcoded because I'm lazy lol! // Hardcoded because I'm lazy lol!
origin := req.URL.Query().Get("Origin") origin := req.Header.Get("Origin")
if origin == "https://inv.nadeko.net" || origin == "https://materialious.nadeko.net" { if origin == "https://inv.nadeko.net" || origin == "https://materialious.nadeko.net" {
w.Header().Set("Access-Control-Allow-Origin", "*") w.Header().Set("Access-Control-Allow-Origin", "*")
w.Header().Set("Access-Control-Allow-Headers", "*") w.Header().Set("Access-Control-Allow-Headers", "*")