github_mirrors/puter
1
0
Fork 0
mirror of https://github.com/HeyPuter/puter.git synced 2025-02-02 23:28:39 +08:00
Code Issues Packages Projects Releases Wiki Activity

ops: don't allow no origin

Browse Source
This commit is contained in:
KernelDeimos 2024-11-24 16:14:58 -05:00
parent 39c7df9bb5
commit df42d433c9
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/backend/src/services/WebServerService.js
View File

@ -359,6 +359,12 @@ class WebServerService extends BaseService {
req.connection?.remoteAddress,
};
await svc_event.emit('ip.validate', event);
// check if no origin
if ( req.method === 'POST' && req.headers.origin === undefined ) {
event.allow = false;
}
if ( ! event.allow ) {
return res.status(403).send('Forbidden');
}