Referer check added to RequestControllers

main
Inga 🏳‍🌈 15 years ago
parent 73fcaa7ae7
commit 4ab799675c
  1. 6
      IISMainHandler/handlers/request/AbstractPostHandler.cs

@ -38,6 +38,12 @@ namespace FLocal.IISHandler.handlers.request {
} }
public void Handle(WebContext context) { public void Handle(WebContext context) {
Uri referer = context.httprequest.UrlReferrer;
if(referer == null || referer.Host != context.httprequest.Url.Host) {
throw new System.Web.HttpException(403, "Wrong referer");
}
if(this.shouldBeGuest && context.session != null) throw new FLocalException("Should be guest"); if(this.shouldBeGuest && context.session != null) throw new FLocalException("Should be guest");
if(this.shouldBeLoggedIn && context.session == null) throw new FLocalException("Should be anonymous"); if(this.shouldBeLoggedIn && context.session == null) throw new FLocalException("Should be anonymous");
context.httpresponse.Write(context.Transform(this.templateName, this.getData(context))); context.httpresponse.Write(context.Transform(this.templateName, this.getData(context)));

Loading…
Cancel
Save