diff --git a/internal/web/actions/default/servers/server/settings/locations/referers/index.go b/internal/web/actions/default/servers/server/settings/locations/referers/index.go index 4dbccffe..ffc8946e 100644 --- a/internal/web/actions/default/servers/server/settings/locations/referers/index.go +++ b/internal/web/actions/default/servers/server/settings/locations/referers/index.go @@ -38,6 +38,7 @@ func (this *IndexAction) RunGet(params struct { AllowEmpty: true, AllowSameDomain: true, AllowDomains: nil, + CheckOrigin: true, } } diff --git a/internal/web/actions/default/servers/server/settings/referers/index.go b/internal/web/actions/default/servers/server/settings/referers/index.go index 1aa6f3ae..040cd783 100644 --- a/internal/web/actions/default/servers/server/settings/referers/index.go +++ b/internal/web/actions/default/servers/server/settings/referers/index.go @@ -40,6 +40,7 @@ func (this *IndexAction) RunGet(params struct { AllowEmpty: true, AllowSameDomain: true, AllowDomains: nil, + CheckOrigin: true, } } diff --git a/web/public/js/components/server/http-firewall-rules.js b/web/public/js/components/server/http-firewall-rules.js index db56522c..f1d52042 100644 --- a/web/public/js/components/server/http-firewall-rules.js +++ b/web/public/js/components/server/http-firewall-rules.js @@ -261,6 +261,7 @@ Vue.component("http-firewall-checkpoint-referer-block", { let allowSameDomain = true let allowDomains = [] let denyDomains = [] + let checkOrigin = true let options = {} if (window.parent.UPDATING_RULE != null) { @@ -282,6 +283,9 @@ Vue.component("http-firewall-checkpoint-referer-block", { if (options.denyDomains != null && typeof (options.denyDomains) == "object") { denyDomains = options.denyDomains } + if (typeof options.checkOrigin == "boolean") { + checkOrigin = options.checkOrigin + } let that = this setTimeout(function () { @@ -293,6 +297,7 @@ Vue.component("http-firewall-checkpoint-referer-block", { allowSameDomain: allowSameDomain, allowDomains: allowDomains, denyDomains: denyDomains, + checkOrigin: checkOrigin, options: {}, value: 0 } @@ -303,6 +308,9 @@ Vue.component("http-firewall-checkpoint-referer-block", { }, allowSameDomain: function () { this.change() + }, + checkOrigin: function () { + this.change() } }, methods: { @@ -332,6 +340,10 @@ Vue.component("http-firewall-checkpoint-referer-block", { code: "denyDomains", value: this.denyDomains }, + { + code: "checkOrigin", + value: this.checkOrigin + } ] } }, @@ -367,6 +379,13 @@ Vue.component("http-firewall-checkpoint-referer-block", {

禁止的来源域名列表,比如example.org*.example.org;除了这些禁止的来源域名外,其他域名都会被允许,除非限定了允许的来源域名。

+ + 同时检查Origin + + +

如果请求没有指定Referer Header,则尝试检查Origin Header,多用于跨站调用。

+ + ` }) \ No newline at end of file diff --git a/web/public/js/components/server/http-referers-config-box.js b/web/public/js/components/server/http-referers-config-box.js index 7f9a26b2..e75ac13f 100644 --- a/web/public/js/components/server/http-referers-config-box.js +++ b/web/public/js/components/server/http-referers-config-box.js @@ -9,7 +9,8 @@ Vue.component("http-referers-config-box", { allowEmpty: true, allowSameDomain: true, allowDomains: [], - denyDomains: [] + denyDomains: [], + checkOrigin: true } } if (config.allowDomains == null) { @@ -84,6 +85,13 @@ Vue.component("http-referers-config-box", {

禁止的来源域名列表,比如example.org*.example.org;除了这些禁止的来源域名外,其他域名都会被允许,除非限定了允许的来源域名。

+ + 同时检查Origin + + +

如果请求没有指定Referer Header,则尝试检查Origin Header,多用于跨站调用。

+ +