controller: Do not require local referrer.

This is problematic when using a reverse proxy.
author: Ricardo Wurmus <rekado@elephly.net> 2020-04-06 11:41:41 +0200
committer: Ricardo Wurmus <rekado@elephly.net> 2020-04-06 11:41:41 +0200
commit: bc477209faae4ecc6462d15348f1e897892eb963 (patch)
tree: 99101fa1091f6279455c06d9045de09d90527116
parent: bb2fe926b496dc44f783430ab16f5219bae36e81 (diff)
1 files changed, 0 insertions, 5 deletions
diff --git a/mumi/web/controller.scm b/mumi/web/controller.scm
index b787539..4c09873 100644
--- a/mumi/web/controller.scm
+++ b/mumi/web/controller.scm
@@ -127,11 +127,6 @@
                 ;; current issue id.
                 (and=> (assoc-ref cookie 'issue-id)
                        (cut string=? id <>))
-                ;; The request must come with a local referer
-                (and=> (assoc-ref headers 'referer)
-                       (lambda (referer)
-                         (equal? (uri-host referer)
-                                 (and=> (assoc-ref headers 'host) first))))
                 ;; The honeypot field "validation" must remain empty
                 (let ((val (assoc-ref form-data 'validation)))
                   (and val (string-null? (string-trim-both val))))
author	Ricardo Wurmus <rekado@elephly.net>	2020-04-06 11:41:41 +0200
committer	Ricardo Wurmus <rekado@elephly.net>	2020-04-06 11:41:41 +0200
commit	bc477209faae4ecc6462d15348f1e897892eb963 (patch)
tree	99101fa1091f6279455c06d9045de09d90527116
parent	bb2fe926b496dc44f783430ab16f5219bae36e81 (diff)