[release] v0.10.4-unstable4
This commit is contained in:
parent
1a41872613
commit
1ce42346bc
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
"name": "cosmos-server",
|
||||
"version": "0.10.4-unstable3",
|
||||
"version": "0.10.4-unstable4",
|
||||
"description": "",
|
||||
"main": "test-server.js",
|
||||
"bugs": {
|
||||
|
|
|
@ -8,6 +8,8 @@ import (
|
|||
)
|
||||
|
||||
func tokenEndpoint(rw http.ResponseWriter, req *http.Request) {
|
||||
utils.Log("Token endpoint")
|
||||
|
||||
// This context will be passed to all methods.
|
||||
ctx := req.Context()
|
||||
|
||||
|
|
|
@ -159,7 +159,6 @@ func SecureAPI(userRouter *mux.Router, public bool) {
|
|||
},
|
||||
))
|
||||
userRouter.Use(utils.MiddlewareTimeout(45 * time.Second))
|
||||
userRouter.Use(utils.BlockPostWithoutReferer)
|
||||
userRouter.Use(proxy.BotDetectionMiddleware)
|
||||
userRouter.Use(httprate.Limit(120, 1*time.Minute,
|
||||
httprate.WithKeyFuncs(httprate.KeyByIP),
|
||||
|
|
|
@ -177,6 +177,7 @@ func BlockPostWithoutReferer(next http.Handler) http.Handler {
|
|||
if r.Method == "POST" || r.Method == "PUT" || r.Method == "PATCH" || r.Method == "DELETE" {
|
||||
referer := r.Header.Get("Referer")
|
||||
if referer == "" {
|
||||
utils.Error("Blocked POST request without Referer header", nil)
|
||||
http.Error(w, "Bad Request: Invalid request.", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue