Merge branch 'master' of github.com:appwrite/appwrite into restify

2024-06-26 10:10:57 +12:00 · 2020-02-04 23:00:22 +02:00 · 2020-02-04 23:00:22 +02:00 · a599aeffe1
parent 820fc656cc 4066c65383
commit a599aeffe1
2 changed files with 8 additions and 10 deletions
--- a/README.md
+++ b/README.md
@ -7,16 +7,13 @@
    <br />
 </p>

-[![Docker Pulls](https://img.shields.io/docker/pulls/appwrite/appwrite.svg)](https://hub.docker.com/r/appwrite/appwrite)
-[![Discord](https://img.shields.io/discord/564160730845151244)](https://discord.gg/GSeTUeA)
-[![Build Status](https://travis-ci.org/appwrite/appwrite.svg?branch=master)](https://travis-ci.org/appwrite/appwrite)
-[![GitHub stars](https://img.shields.io/github/stars/appwrite/appwrite.svg)](https://github.com/appwrite/appwrite/stargazers)
-[![Follow  Appwrite on StackShare](https://img.stackshare.io/misc/follow-on-stackshare-badge.svg)](https://stackshare.io/appwrite)
-[![Follow new releases](https://app.releasly.co/assets/badges/badge-blue.svg)](https://app.releasly.co/sites/appwrite/appwrite?utm_source=github_badge)
-[![License](https://img.shields.io/badge/License-BSD%203--Clause-blue.svg)](https://opensource.org/licenses/BSD-3-Clause)
-[![Twitter Follow](https://img.shields.io/twitter/follow/appwrite_io?style=social)](https://twitter.com/appwrite_io)

---
+[![Discord](https://img.shields.io/discord/564160730845151244)](https://discord.gg/GSeTUeA)
+[![Docker Pulls](https://badgen.net/docker/pulls/appwrite/appwrite)](https://travis-ci.org/appwrite/appwrite)
+[![Travis CI](https://badgen.net/travis/appwrite/appwrite?label=build)](https://travis-ci.org/appwrite/appwrite)
+[![Twitter Account](https://badgen.net/twitter/follow/appwrite_io?label=twitter)](https://twitter.com/appwrite_io)
+[![Follow Appwrite on StackShare](https://badgen.net/badge/follow%20on/stackshare/blue)](https://stackshare.io/appwrite)
+

 Appwrite is a simple self-hosted backend server for web and mobile developers with a shiny dashboard and a very easy-to-use REST API.

--- a/app/app.php
+++ b/app/app.php
@ -83,11 +83,12 @@ $utopia->init(function () use ($utopia, $request, $response, &$user, $project, $
    /*
     * Validate Client Domain - Check to avoid CSRF attack
     *  Adding Appwrite API domains to allow XDOMAIN communication
+     *  Skip this check for non-web platforms which are not requiredto send an origin header
     */
    $hostValidator = new Host($clients);
    $origin = $request->getServer('HTTP_ORIGIN', $request->getServer('HTTP_REFERER', ''));
    
-    if (!$hostValidator->isValid($origin)
+    if (!empty($origin) && !$hostValidator->isValid($origin)
        && in_array($request->getMethod(), [Request::METHOD_POST, Request::METHOD_PUT, Request::METHOD_PATCH, Request::METHOD_DELETE])
        && empty($request->getHeader('X-Appwrite-Key', ''))) {
        throw new Exception('Access from this client host is forbidden. '.$hostValidator->getDescription(), 403);