Merge branch 'master' of github.com:appwrite/appwrite into restify
commit
a599aeffe1
2 changed files with 8 additions and 10 deletions
15
README.md
15
README.md
|
@ -7,16 +7,13 @@
|
||||||
<br />
|
<br />
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
[![Docker Pulls](https://img.shields.io/docker/pulls/appwrite/appwrite.svg)](https://hub.docker.com/r/appwrite/appwrite)
|
|
||||||
[![Discord](https://img.shields.io/discord/564160730845151244)](https://discord.gg/GSeTUeA)
|
|
||||||
[![Build Status](https://travis-ci.org/appwrite/appwrite.svg?branch=master)](https://travis-ci.org/appwrite/appwrite)
|
|
||||||
[![GitHub stars](https://img.shields.io/github/stars/appwrite/appwrite.svg)](https://github.com/appwrite/appwrite/stargazers)
|
|
||||||
[![Follow Appwrite on StackShare](https://img.stackshare.io/misc/follow-on-stackshare-badge.svg)](https://stackshare.io/appwrite)
|
|
||||||
[![Follow new releases](https://app.releasly.co/assets/badges/badge-blue.svg)](https://app.releasly.co/sites/appwrite/appwrite?utm_source=github_badge)
|
|
||||||
[![License](https://img.shields.io/badge/License-BSD%203--Clause-blue.svg)](https://opensource.org/licenses/BSD-3-Clause)
|
|
||||||
[![Twitter Follow](https://img.shields.io/twitter/follow/appwrite_io?style=social)](https://twitter.com/appwrite_io)
|
|
||||||
|
|
||||||
---
|
[![Discord](https://img.shields.io/discord/564160730845151244)](https://discord.gg/GSeTUeA)
|
||||||
|
[![Docker Pulls](https://badgen.net/docker/pulls/appwrite/appwrite)](https://travis-ci.org/appwrite/appwrite)
|
||||||
|
[![Travis CI](https://badgen.net/travis/appwrite/appwrite?label=build)](https://travis-ci.org/appwrite/appwrite)
|
||||||
|
[![Twitter Account](https://badgen.net/twitter/follow/appwrite_io?label=twitter)](https://twitter.com/appwrite_io)
|
||||||
|
[![Follow Appwrite on StackShare](https://badgen.net/badge/follow%20on/stackshare/blue)](https://stackshare.io/appwrite)
|
||||||
|
|
||||||
|
|
||||||
Appwrite is a simple self-hosted backend server for web and mobile developers with a shiny dashboard and a very easy-to-use REST API.
|
Appwrite is a simple self-hosted backend server for web and mobile developers with a shiny dashboard and a very easy-to-use REST API.
|
||||||
|
|
||||||
|
|
|
@ -83,11 +83,12 @@ $utopia->init(function () use ($utopia, $request, $response, &$user, $project, $
|
||||||
/*
|
/*
|
||||||
* Validate Client Domain - Check to avoid CSRF attack
|
* Validate Client Domain - Check to avoid CSRF attack
|
||||||
* Adding Appwrite API domains to allow XDOMAIN communication
|
* Adding Appwrite API domains to allow XDOMAIN communication
|
||||||
|
* Skip this check for non-web platforms which are not requiredto send an origin header
|
||||||
*/
|
*/
|
||||||
$hostValidator = new Host($clients);
|
$hostValidator = new Host($clients);
|
||||||
$origin = $request->getServer('HTTP_ORIGIN', $request->getServer('HTTP_REFERER', ''));
|
$origin = $request->getServer('HTTP_ORIGIN', $request->getServer('HTTP_REFERER', ''));
|
||||||
|
|
||||||
if (!$hostValidator->isValid($origin)
|
if (!empty($origin) && !$hostValidator->isValid($origin)
|
||||||
&& in_array($request->getMethod(), [Request::METHOD_POST, Request::METHOD_PUT, Request::METHOD_PATCH, Request::METHOD_DELETE])
|
&& in_array($request->getMethod(), [Request::METHOD_POST, Request::METHOD_PUT, Request::METHOD_PATCH, Request::METHOD_DELETE])
|
||||||
&& empty($request->getHeader('X-Appwrite-Key', ''))) {
|
&& empty($request->getHeader('X-Appwrite-Key', ''))) {
|
||||||
throw new Exception('Access from this client host is forbidden. '.$hostValidator->getDescription(), 403);
|
throw new Exception('Access from this client host is forbidden. '.$hostValidator->getDescription(), 403);
|
||||||
|
|
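Review bot: The added `!empty($origin)` guard makes this CSRF check fail open: a POST/PUT/PATCH/DELETE that arrives with neither `Origin` nor `Referer` and without `X-Appwrite-Key` is no longer validated against `$clients` at all. A missing header pair does not prove the caller is a non-web platform, because browsers omit both under some referrer policies and privacy settings, so cookie-authenticated requests would then rely on protections this hunk does not show (presumably SameSite cookies; worth confirming). I would limit the skip to requests that carry no session cookie, or require an explicit platform signal from native clients, and say so in the comment, e.g. `* Skip this check only for requests without Origin/Referer that are not cookie-authenticated`. Denied requests, and requests that pass with an empty origin, would also be worth logging so the relaxed path can be monitored. Minor points: the new comment reads "requiredto", `in_array(...)` should pass `true` as its third argument, and the enclosing `$utopia->init` closure starts and ends outside the hunk.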