Set origin based on browser origin header

2023-10-19 16:50:17 -04:00
parent 45e05d78c7
commit e0f2a79d70
2 changed files with 6 additions and 4 deletions
--- a/functions/api/reports/submit.ts
+++ b/functions/api/reports/submit.ts
@ -37,6 +37,9 @@ export async function onRequestPost(context: RequestContext) {
    if (!success) return errorResponse("Captcha test failed", 403);
  }

+  const origin = context.request.headers.get("Origin");
+  if (!origin) return errorResponse("No origin header", 400);
+
  if (bypass && !(context.data.current_user?.permissions & (1 << 5)))
    return errorResponse("Bypass directive cannot be used", 403);

@ -178,6 +181,7 @@ export async function onRequestPost(context: RequestContext) {
        `t/${fileUploadKey}`,
        file.size,
        fileExten,
+        origin,
      ),
    );
  }