forked from midou/invidious
Add Origin header checks
This commit is contained in:
parent
103949c61e
commit
2be240767c
@ -128,6 +128,15 @@ if CONFIG.geo_bypass
|
|||||||
end
|
end
|
||||||
|
|
||||||
before_all do |env|
|
before_all do |env|
|
||||||
|
if CONFIG.domains && env.request.headers["Origin"]?
|
||||||
|
origin = env.request.headers["Origin"]
|
||||||
|
domains = CONFIG.domains.not_nil!
|
||||||
|
|
||||||
|
if !domains.includes? origin
|
||||||
|
halt env, status_code: 403
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
env.response.headers["X-XSS-Protection"] = "1; mode=block;"
|
env.response.headers["X-XSS-Protection"] = "1; mode=block;"
|
||||||
env.response.headers["X-Content-Type-Options"] = "nosniff"
|
env.response.headers["X-Content-Type-Options"] = "nosniff"
|
||||||
|
|
||||||
|
@ -16,6 +16,7 @@ class Config
|
|||||||
hmac_key: String?,
|
hmac_key: String?,
|
||||||
full_refresh: Bool,
|
full_refresh: Bool,
|
||||||
geo_bypass: Bool,
|
geo_bypass: Bool,
|
||||||
|
domains: Array(String)?,
|
||||||
})
|
})
|
||||||
end
|
end
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user