diff options
author | Ricardo Wurmus <rekado@elephly.net> | 2020-04-06 11:41:41 +0200 |
---|---|---|
committer | Ricardo Wurmus <rekado@elephly.net> | 2020-04-06 11:41:41 +0200 |
commit | bc477209faae4ecc6462d15348f1e897892eb963 (patch) | |
tree | 99101fa1091f6279455c06d9045de09d90527116 | |
parent | bb2fe926b496dc44f783430ab16f5219bae36e81 (diff) |
controller: Do not require local referrer.
This is problematic when using a reverse proxy.
-rw-r--r-- | mumi/web/controller.scm | 5 |
1 files changed, 0 insertions, 5 deletions
diff --git a/mumi/web/controller.scm b/mumi/web/controller.scm index b787539..4c09873 100644 --- a/mumi/web/controller.scm +++ b/mumi/web/controller.scm @@ -127,11 +127,6 @@ ;; current issue id. (and=> (assoc-ref cookie 'issue-id) (cut string=? id <>)) - ;; The request must come with a local referer - (and=> (assoc-ref headers 'referer) - (lambda (referer) - (equal? (uri-host referer) - (and=> (assoc-ref headers 'host) first)))) ;; The honeypot field "validation" must remain empty (let ((val (assoc-ref form-data 'validation))) (and val (string-null? (string-trim-both val)))) |