| author | 2021-02-11 17:38:39 +0100 | |
|---|---|---|
| committer | 2021-02-11 17:38:39 +0100 | |
| commit | 13b03b232ba9a5b3c30784adc3a8bf8f03b90f63 (patch) | |
| tree | 118f918203c3e0eae98a8e7b6bc1ffad13b880c5 /lib/lib_rss.php | |
| parent | 54f04e1233b59f1b62c8a79060b59c786a142792 (diff) | |
refactor: remove referer checks, as they are no longer needed (replaced by csrf tokens) (#3432)
Diffstat (limited to 'lib/lib_rss.php')
| -rw-r--r-- | lib/lib_rss.php | 17 |
1 files changed, 0 insertions, 17 deletions
diff --git a/lib/lib_rss.php b/lib/lib_rss.php
index 39ac2c1f8..5d1fe6f43 100644
--- a/lib/lib_rss.php
+++ b/lib/lib_rss.php
@@ -393,23 +393,6 @@ function cryptAvailable() {
 return false;
 }
-function is_referer_from_same_domain() {
- if (empty($_SERVER['HTTP_REFERER'])) {
- return true; //Accept empty referer while waiting for good support of meta referrer same-origin policy in browsers
- }
- $host = parse_url(((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on') ? 'https://' : 'http://') .
- (empty($_SERVER['HTTP_HOST']) ? $_SERVER['SERVER_NAME'] : $_SERVER['HTTP_HOST']));
- $referer = parse_url($_SERVER['HTTP_REFERER']);
- if (empty($host['host']) || empty($referer['host']) || $host['host'] !== $referer['host']) {
- return false;
- }
- //TODO: check 'scheme', taking into account the case of a proxy
- if ((isset($host['port']) ? $host['port'] : 0) !== (isset($referer['port']) ? $referer['port'] : 0)) {
- return false;
- }
- return true;
-}
-
 /**
 * Check PHP and its extensions are well-installed. |
