Set origin based on browser origin header

This commit is contained in:
2023-10-19 16:50:17 -04:00
parent 45e05d78c7
commit e0f2a79d70
2 changed files with 6 additions and 4 deletions

View File

@ -37,6 +37,9 @@ export async function onRequestPost(context: RequestContext) {
if (!success) return errorResponse("Captcha test failed", 403);
}
const origin = context.request.headers.get("Origin");
if (!origin) return errorResponse("No origin header", 400);
if (bypass && !(context.data.current_user?.permissions & (1 << 5)))
return errorResponse("Bypass directive cannot be used", 403);
@ -178,6 +181,7 @@ export async function onRequestPost(context: RequestContext) {
`t/${fileUploadKey}`,
file.size,
fileExten,
origin,
),
);
}