防盗链增加”同时检查Origin选项“

2025-11-13 03:40:27 +08:00 · 2023-05-02 17:05:35 +08:00
parent a517543e4e
commit 1194a829f3
4 changed files with 30 additions and 1 deletions
--- a/internal/web/actions/default/servers/server/settings/locations/referers/index.go
+++ b/internal/web/actions/default/servers/server/settings/locations/referers/index.go
@@ -38,6 +38,7 @@ func (this *IndexAction) RunGet(params struct {
 			AllowEmpty:      true,
 			AllowSameDomain: true,
 			AllowDomains:    nil,
+			CheckOrigin:     true,
 		}
 	}

--- a/internal/web/actions/default/servers/server/settings/referers/index.go
+++ b/internal/web/actions/default/servers/server/settings/referers/index.go
@@ -40,6 +40,7 @@ func (this *IndexAction) RunGet(params struct {
 			AllowEmpty:      true,
 			AllowSameDomain: true,
 			AllowDomains:    nil,
+			CheckOrigin:     true,
 		}
 	}

--- a/web/public/js/components/server/http-firewall-rules.js
+++ b/web/public/js/components/server/http-firewall-rules.js
@@ -261,6 +261,7 @@ Vue.component("http-firewall-checkpoint-referer-block", {
 		let allowSameDomain = true
 		let allowDomains = []
 		let denyDomains = []
+		let checkOrigin = true

 		let options = {}
 		if (window.parent.UPDATING_RULE != null) {
@@ -282,6 +283,9 @@ Vue.component("http-firewall-checkpoint-referer-block", {
 		if (options.denyDomains != null && typeof (options.denyDomains) == "object") {
 			denyDomains = options.denyDomains
 		}
+		if (typeof options.checkOrigin == "boolean") {
+			checkOrigin = options.checkOrigin
+		}

 		let that = this
 		setTimeout(function () {
@@ -293,6 +297,7 @@ Vue.component("http-firewall-checkpoint-referer-block", {
 			allowSameDomain: allowSameDomain,
 			allowDomains: allowDomains,
 			denyDomains: denyDomains,
+			checkOrigin: checkOrigin,
 			options: {},
 			value: 0
 		}
@@ -303,6 +308,9 @@ Vue.component("http-firewall-checkpoint-referer-block", {
 		},
 		allowSameDomain: function () {
 			this.change()
+		},
+		checkOrigin: function () {
+			this.change()
 		}
 	},
 	methods: {
@@ -332,6 +340,10 @@ Vue.component("http-firewall-checkpoint-referer-block", {
 					code: "denyDomains",
 					value: this.denyDomains
 				},
+				{
+					code: "checkOrigin",
+					value: this.checkOrigin
+				}
 			]
 		}
 	},
@@ -367,6 +379,13 @@ Vue.component("http-firewall-checkpoint-referer-block", {
 				<p class="comment">禁止的来源域名列表，比如<code-label>example.org</code-label>、<code-label>*.example.org</code-label>；除了这些禁止的来源域名外，其他域名都会被允许，除非限定了允许的来源域名。</p>
 			</td>
 		</tr>
+		<tr>
+			<td>同时检查Origin</td>
+			<td>
+				<checkbox v-model="checkOrigin"></checkbox>
+				<p class="comment">如果请求没有指定Referer Header，则尝试检查Origin Header，多用于跨站调用。</p>
+			</td>
+		</tr>
 	</table>
 </div>`
 })
--- a/web/public/js/components/server/http-referers-config-box.js
+++ b/web/public/js/components/server/http-referers-config-box.js
@@ -9,7 +9,8 @@ Vue.component("http-referers-config-box", {
 				allowEmpty: true,
 				allowSameDomain: true,
 				allowDomains: [],
-				denyDomains: []
+				denyDomains: [],
+				checkOrigin: true
 			}
 		}
 		if (config.allowDomains == null) {
@@ -84,6 +85,13 @@ Vue.component("http-referers-config-box", {
 				<p class="comment">禁止的来源域名列表，比如<code-label>example.org</code-label>、<code-label>*.example.org</code-label>；除了这些禁止的来源域名外，其他域名都会被允许，除非限定了允许的来源域名。</p>
 			</td>
 		</tr>
+		<tr>
+			<td>同时检查Origin</td>
+			<td>
+				<checkbox v-model="config.checkOrigin"></checkbox>
+				<p class="comment">如果请求没有指定Referer Header，则尝试检查Origin Header，多用于跨站调用。</p>
+			</td>
+		</tr>
 	</tbody>
 </table>
 <div class="ui margin"></div>