authorGravatar hesch <hesch@users.noreply.github.com> 2021-02-11 17:38:39 +0100
committerGravatar GitHub <noreply@github.com> 2021-02-11 17:38:39 +0100
commit13b03b232ba9a5b3c30784adc3a8bf8f03b90f63 (patch)
tree118f918203c3e0eae98a8e7b6bc1ffad13b880c5 /lib
parent54f04e1233b59f1b62c8a79060b59c786a142792 (diff)
refactor: remove referer checks, as they are no longer needed (replaced by csrf tokens) (#3432)
Diffstat (limited to 'lib')
-rw-r--r--lib/lib_install.php4
-rw-r--r--lib/lib_rss.php17
2 files changed, 1 insertions, 20 deletions
diff --git a/lib/lib_install.php b/lib/lib_install.php
index f8b2ba969..e1a4c98dd 100644
--- a/lib/lib_install.php
+++ b/lib/lib_install.php
@@ -46,7 +46,6 @@ function checkRequirements($dbType = '') {
$tmp = TMP_PATH && is_writable(TMP_PATH);
$users = USERS_PATH && is_writable(USERS_PATH);
$favicons = is_writable(join_path(DATA_PATH, 'favicons'));
- $http_referer = is_referer_from_same_domain();
return array(
'php' => $php ? 'ok' : 'ko',
@@ -67,10 +66,9 @@ function checkRequirements($dbType = '') {
'tmp' => $tmp ? 'ok' : 'ko',
'users' => $users ? 'ok' : 'ko',
'favicons' => $favicons ? 'ok' : 'ko',
- 'http_referer' => $http_referer ? 'ok' : 'ko',
'message' => $message ?: '',
'all' => $php && $curl && $pdo && $pcre && $ctype && $dom && $xml &&
- $data && $cache && $tmp && $users && $favicons && $http_referer && $message == '' ? 'ok' : 'ko'
+ $data && $cache && $tmp && $users && $favicons && $message == '' ? 'ok' : 'ko'
);
}
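Review bot: With `'http_referer'` dropped from the array that checkRequirements() returns, any consumer that still indexes that key (an install view or CLI check, presumably) would now hit an undefined-index notice. This page is limited to `lib/`, so those callers are not visible and should be confirmed updated alongside this change. The deleted helper in lib_rss.php returned true for an empty Referer, so it was only ever a partial same-origin check. It is still worth confirming that every state-changing request that used to pass through it, including the install steps, now validates a CSRF token. A short comment where the result is built would record the decision, e.g. `// No Referer requirement: request origin is validated by CSRF tokens instead.`; the function begins before the first hunk, so its earlier checks cannot be reviewed here.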
diff --git a/lib/lib_rss.php b/lib/lib_rss.php
index 39ac2c1f8..5d1fe6f43 100644
--- a/lib/lib_rss.php
+++ b/lib/lib_rss.php
@@ -393,23 +393,6 @@ function cryptAvailable() {
return false;
}
-function is_referer_from_same_domain() {
- if (empty($_SERVER['HTTP_REFERER'])) {
- return true; //Accept empty referer while waiting for good support of meta referrer same-origin policy in browsers
- }
- $host = parse_url(((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on') ? 'https://' : 'http://') .
- (empty($_SERVER['HTTP_HOST']) ? $_SERVER['SERVER_NAME'] : $_SERVER['HTTP_HOST']));
- $referer = parse_url($_SERVER['HTTP_REFERER']);
- if (empty($host['host']) || empty($referer['host']) || $host['host'] !== $referer['host']) {
- return false;
- }
- //TODO: check 'scheme', taking into account the case of a proxy
- if ((isset($host['port']) ? $host['port'] : 0) !== (isset($referer['port']) ? $referer['port'] : 0)) {
- return false;
- }
- return true;
-}
-
/**
* Check PHP and its extensions are well-installed.