From 1ce42346bcc51147536d0eb78423403ac7bdf00b Mon Sep 17 00:00:00 2001
From: Yann Stepienik
Date: Sat, 14 Oct 2023 23:34:08 +0100
Subject: [PATCH] [release] v0.10.4-unstable4
---
package.json | 2 +-
src/authorizationserver/oauth2_token.go | 2 ++
src/httpServer.go | 1 -
src/utils/middleware.go | 1 +
4 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/package.json b/package.json
index fdf5669..9554253 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "cosmos-server",
- "version": "0.10.4-unstable3",
+ "version": "0.10.4-unstable4",
 "description": "",
 "main": "test-server.js",
 "bugs": {
diff --git a/src/authorizationserver/oauth2_token.go b/src/authorizationserver/oauth2_token.go
index 9301373..83db5be 100644
--- a/src/authorizationserver/oauth2_token.go
+++ b/src/authorizationserver/oauth2_token.go
@@ -8,6 +8,8 @@ import (
 )
 func tokenEndpoint(rw http.ResponseWriter, req *http.Request) {
+ utils.Log("Token endpoint")
+
 // This context will be passed to all methods.
 ctx := req.Context()
diff --git a/src/httpServer.go b/src/httpServer.go
index 2ecdaa8..6814434 100644
--- a/src/httpServer.go
+++ b/src/httpServer.go
@@ -159,7 +159,6 @@ func SecureAPI(userRouter *mux.Router, public bool) {
 },
 ))
 userRouter.Use(utils.MiddlewareTimeout(45 * time.Second))
- userRouter.Use(utils.BlockPostWithoutReferer)
 userRouter.Use(proxy.BotDetectionMiddleware)
 userRouter.Use(httprate.Limit(120, 1*time.Minute, httprate.WithKeyFuncs(httprate.KeyByIP),
diff --git a/src/utils/middleware.go b/src/utils/middleware.go
index cd75f33..2c09468 100644
--- a/src/utils/middleware.go
+++ b/src/utils/middleware.go
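Review bot: The added `utils.Log("Token endpoint")` at the top of tokenEndpoint in oauth2_token.go records nothing that identifies the request, so it reads as a leftover debug trace rather than an audit event for the OAuth2 token endpoint. If tracing token requests is the intent, log non-secret context only, for example `utils.Log("Token endpoint request from " + req.RemoteAddr)`, and never the form body, which carries the client secret, authorization code or refresh token. The import block closes just above the hunk, so whether `utils` is already imported in this file cannot be confirmed from here, and the rest of tokenEndpoint lies outside the hunk.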
@@ -177,6 +177,7 @@ func BlockPostWithoutReferer(next http.Handler) http.Handler {
 if r.Method == "POST" || r.Method == "PUT" || r.Method == "PATCH" || r.Method == "DELETE" {
 referer := r.Header.Get("Referer")
 if referer == "" {
+ utils.Error("Blocked POST request without Referer header", nil)
 http.Error(w, "Bad Request: Invalid request.", http.StatusBadRequest)
 return
 }
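Review bot: The `utils.` qualifier on the added `utils.Error(...)` line probably does not resolve, because the file is src/utils/middleware.go and httpServer.go refers to this function as `utils.BlockPostWithoutReferer`, so the code is presumably already inside package utils. Unless another package is imported under that name, the call would be unqualified, and it can carry the context a responder needs: `Error("Blocked "+r.Method+" request without Referer header from "+r.RemoteAddr, nil)`. The current message says POST although the branch also rejects PUT, PATCH and DELETE. The same commit removes this middleware from SecureAPI, so the log fires only on routers that still mount it, and none are visible here. BlockPostWithoutReferer starts and ends outside the hunk.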