[release] v0.10.4-unstable4

package.json

@@ -1,6 +1,6 @@
 {
   "name": "cosmos-server",
-  "version": "0.10.4-unstable3",
+  "version": "0.10.4-unstable4",
   "description": "",
   "main": "test-server.js",
   "bugs": {

src/authorizationserver/oauth2_token.go

@@ -8,6 +8,8 @@ import (
 )
 
 func tokenEndpoint(rw http.ResponseWriter, req *http.Request) {
+	utils.Log("Token endpoint")
+
 	// This context will be passed to all methods.
 	ctx := req.Context()
 

src/httpServer.go

@@ -159,7 +159,6 @@ func SecureAPI(userRouter *mux.Router, public bool) {
 		},
 	))
 	userRouter.Use(utils.MiddlewareTimeout(45 * time.Second))
-	userRouter.Use(utils.BlockPostWithoutReferer)
 	userRouter.Use(proxy.BotDetectionMiddleware)
 	userRouter.Use(httprate.Limit(120, 1*time.Minute, 
 		httprate.WithKeyFuncs(httprate.KeyByIP),

src/utils/middleware.go

@@ -177,6 +177,7 @@ func BlockPostWithoutReferer(next http.Handler) http.Handler {
 		if r.Method == "POST" || r.Method == "PUT" || r.Method == "PATCH" || r.Method == "DELETE" {
 			referer := r.Header.Get("Referer")
 			if referer == "" {
+				utils.Error("Blocked POST request without Referer header", nil)
 				http.Error(w, "Bad Request: Invalid request.", http.StatusBadRequest)
 				return
 			}