Add csrf checking for cookie posts, fix file hotlinking

This commit is contained in:
Jonathan Cremin 2015-08-10 11:44:47 +01:00
parent 9ccf3d855e
commit b9c6598250
7 changed files with 27 additions and 16 deletions

View file

@ -17,7 +17,7 @@ const userAgentCheck = function(userAgent) {
};
const hotlinkCheck = function(file, userAgent, referrer) {
return !userAgentCheck(userAgent) && !file.width && !(referrer.match(/^https:\/\/hostr.co/) || referrer.match(/^http:\/\/localhost:4040/))
return !userAgentCheck(userAgent) && !file.width && (!referrer || !(referrer.match(/^https:\/\/hostr.co/) || referrer.match(/^http:\/\/localhost:4040/)))
};
export function* get(id, name, size) {