Merge pull request #58 from mutantmonkey/referrer_fixup2

trim trailing / for origin checking
This commit is contained in:
Andrei Marcu 2015-10-11 23:07:45 -04:00
commit 4fee922543
2 changed files with 3 additions and 2 deletions

View File

@ -16,7 +16,7 @@ func strictReferrerCheck(r *http.Request, prefix string, whitelistHeaders []stri
return false return false
} }
if origin := r.Header.Get("Origin"); origin != "" && !strings.HasPrefix(origin, prefix) { if origin := r.Header.Get("Origin"); origin != "" && !strings.HasPrefix(origin, strings.TrimSuffix(prefix, "/")) {
return false return false
} }

View File

@ -248,7 +248,7 @@ func TestPostCodeUploadBadOrigin(t *testing.T) {
req.PostForm = form req.PostForm = form
req.Header.Set("Content-Type", "application/x-www-form-urlencoded") req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
req.Header.Set("Referer", Config.siteURL) req.Header.Set("Referer", Config.siteURL)
req.Header.Set("Origin", "http://example.com/") req.Header.Set("Origin", "http://example.com")
mux.ServeHTTP(w, req) mux.ServeHTTP(w, req)
@ -274,6 +274,7 @@ func TestPostCodeExpiryJSONUpload(t *testing.T) {
req.Header.Set("Content-Type", "application/x-www-form-urlencoded") req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
req.Header.Set("Accept", "application/json") req.Header.Set("Accept", "application/json")
req.Header.Set("Referer", Config.siteURL) req.Header.Set("Referer", Config.siteURL)
req.Header.Set("Origin", strings.TrimSuffix(Config.siteURL, "/"))
mux.ServeHTTP(w, req) mux.ServeHTTP(w, req)