| author | Omar Roth <omarroth@hotmail.com> | 2018-09-05 21:45:14 -0500 |
|---|---|---|
| committer | Omar Roth <omarroth@hotmail.com> | 2018-09-05 21:45:14 -0500 |
| commit | e590d39aa9a29577ad21c5d0bcf29f39cd9709f2 (patch) | |
| tree | 9ee8c1a20fd8dea80423eb482810ec2da82da768 | |
| parent | 4f91854bd34bc41167203d16eadb419591f44401 (diff) | |
| download | invidious-e590d39aa9a29577ad21c5d0bcf29f39cd9709f2.tar.gz invidious-e590d39aa9a29577ad21c5d0bcf29f39cd9709f2.tar.bz2 invidious-e590d39aa9a29577ad21c5d0bcf29f39cd9709f2.zip | |
Revert "Add header check for CSRF"
This reverts commit a749ac73acb19ec2e3897006183a4bb1f63ef99a.
| -rw-r--r-- | src/invidious.cr | 15 |
1 files changed, 0 insertions, 15 deletions
diff --git a/src/invidious.cr b/src/invidious.cr
index 6a32736c..433c84c7 100644
--- a/src/invidious.cr
+++ b/src/invidious.cr
@@ -106,21 +106,6 @@ spawn do
 end

 before_all do |env|
- env.response.headers["X-XSS-Protection"] = "1; mode=block;"
- env.response.headers["X-Content-Type-Options"] = "nosniff"
-
- # CSRF
- if Kemal.config.ssl || CONFIG.https_only
- host = env.request.headers["Host"]?
-
- if (env.request.headers["Origin"]?.try &.== host) ||
- (env.request.headers["Referer"]?.try &.== host)
- # All good!
- else
- halt env, status_code: 403, response: "Failed CSRF check"
- end
- end
-
 if env.request.cookies.has_key? "SID"
 headers = HTTP::Headers.new
 headers["Cookie"] = env.request.headers["Cookie"] |
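Review bot: After this revert `before_all` applies no cross-origin check to requests that carry the `SID` cookie, and the revert also drops the two response-header lines, which were not part of the CSRF check. The removed comparison tested `Origin` and `Referer` for equality with the bare `Host` value, which an `Origin` of the form scheme://host or a full `Referer` URL would not match, so it presumably rejected legitimate requests; a narrower check would apply only to state-changing methods and compare the host parsed from `Origin` (falling back to `Referer`) with `Host`. Independently of that, `env.response.headers["X-Content-Type-Options"] = "nosniff"` could be kept at the top of `before_all`. The body of `before_all` continues past the end of the hunk, so any token-based CSRF protection elsewhere is not visible here.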
