]> Sergey Matveev's repositories - public-inbox.git/commit
projects / public-inbox.git / commit
summary | shortlog | log | commit | commitdiff | tree
(parent: f1e4e14) | patch
www: loosen deep-linking prevention
authorEric Wong <e@80x24.org>
Tue, 15 Mar 2022 20:45:02 +0000 (20:45 +0000)
committerEric Wong <e@80x24.org>
Tue, 22 Mar 2022 08:32:24 +0000 (08:32 +0000)
commitfcf9cd6dc8b35a0f386d39a0823b693855cd8715
tree105e351b127b0285f615e6eaaeaf7a64d021bce8tree
parentf1e4e14793d155ea7d6ed7a6858b668e97c7e5d8commit | diff
www: loosen deep-linking prevention

Apparently some browsers can set a Referer: header which fails
to match.  I'm not certain why, but making "$schema://$HOST_PORT"
matches case-insensitive seems more correct regardless.

In case that doesn't work, we'll also allow bypassing deep-link
prevention via a POST form button.

Reported-by: Vlastimil Babka <vbabka@suse.cz>
Link: https://public-inbox.org/meta/93ebfbd1-9924-481c-4edc-9b232d1e995c@suse.cz/
lib/PublicInbox/WWW.pm diff | blob | history
lib/PublicInbox/WwwAttach.pm diff | blob | history
My patches to https://public-inbox.org/public-inbox.git