iv-org-mirror/invidious-copy-2022-08-14
1
0
Fork 0
mirror of https://gitea.invidious.io/iv-org/invidious-copy-2022-08-14.git synced 2024-08-15 00:53:20 +00:00
Code Issues Projects Releases Packages Wiki Activity

Add header check for CSRF

Browse source
This commit is contained in:
Omar Roth 2018-09-05 20:32:01 -05:00
parent 62f023c50f
commit a749ac73ac
1 changed files with 12 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
src/invidious.cr
View file

@ -106,6 +106,18 @@ spawn do
end end
before_all do |env| before_all do |env|
# CSRF
if Kemal.config.ssl || CONFIG.https_only
host = env.request.headers["Host"]?
if (env.request.headers["Origin"]?.try &.== host) ||
(env.request.headers["Referer"]?.try &.== host)
# All good!
else
halt env, status_code: 403, response: "Failed CSRF check"
end
end
if env.request.cookies.has_key? "SID" if env.request.cookies.has_key? "SID"
headers = HTTP::Headers.new headers = HTTP::Headers.new
headers["Cookie"] = env.request.headers["Cookie"] headers["Cookie"] = env.request.headers["Cookie"]