Set origin based on browser origin header
This commit is contained in:
@ -37,6 +37,9 @@ export async function onRequestPost(context: RequestContext) {
|
||||
if (!success) return errorResponse("Captcha test failed", 403);
|
||||
}
|
||||
|
||||
const origin = context.request.headers.get("Origin");
|
||||
if (!origin) return errorResponse("No origin header", 400);
|
||||
|
||||
if (bypass && !(context.data.current_user?.permissions & (1 << 5)))
|
||||
return errorResponse("Bypass directive cannot be used", 403);
|
||||
|
||||
@ -178,6 +181,7 @@ export async function onRequestPost(context: RequestContext) {
|
||||
`t/${fileUploadKey}`,
|
||||
file.size,
|
||||
fileExten,
|
||||
origin,
|
||||
),
|
||||
);
|
||||
}
|
||||
|
Reference in New Issue
Block a user