From 13b03b232ba9a5b3c30784adc3a8bf8f03b90f63 Mon Sep 17 00:00:00 2001
From: hesch
Date: Thu, 11 Feb 2021 17:38:39 +0100
Subject: refactor: remove referer checks, as they are no longer needed (replaced by csrf tokens) (#3432)
---
 lib/lib_rss.php | 17 -----------------
 1 file changed, 17 deletions(-)
(limited to 'lib/lib_rss.php')
diff --git a/lib/lib_rss.php b/lib/lib_rss.php
index 39ac2c1f8..5d1fe6f43 100644
--- a/lib/lib_rss.php
+++ b/lib/lib_rss.php
@@ -393,23 +393,6 @@ function cryptAvailable() {
 return false;
 }
-function is_referer_from_same_domain() {
- if (empty($_SERVER['HTTP_REFERER'])) {
- return true; //Accept empty referer while waiting for good support of meta referrer same-origin policy in browsers
- }
- $host = parse_url(((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on') ? 'https://' : 'http://') .
- (empty($_SERVER['HTTP_HOST']) ? $_SERVER['SERVER_NAME'] : $_SERVER['HTTP_HOST']));
- $referer = parse_url($_SERVER['HTTP_REFERER']);
- if (empty($host['host']) || empty($referer['host']) || $host['host'] !== $referer['host']) {
- return false;
- }
- //TODO: check 'scheme', taking into account the case of a proxy
- if ((isset($host['port']) ? $host['port'] : 0) !== (isset($referer['port']) ? $referer['port'] : 0)) {
- return false;
- }
- return true;
-}
-
 /**
 * Check PHP and its extensions are well-installed.
-- 
cgit v1.2.3