(r *http.Request, originHosts []string)
| 226 | } |
| 227 | |
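// authenticateOrigin checks the Origin header of r against the request's own
// Host and against the allow-list in originHosts.
//
// It returns nil when:
//   - the request carries no Origin header;
//   - the Origin has a host and that host equals r.Host, ignoring case; or
//   - any pattern in originHosts matches the Origin.
//
// A pattern containing "://" is compared against "scheme://host"; any other
// pattern is compared against the host alone. Matching goes through match,
// which lower-cases both sides and uses path.Match glob syntax.
//
// A non-nil error means the Origin could not be parsed, a pattern was
// malformed, or the Origin is not authorized.
//
// Security notes:
//   - A request without an Origin header is accepted, so this check only
//     constrains clients that send the header. It does not authenticate the
//     caller.
//   - The same-host shortcut compares hosts only; the Origin's scheme is not
//     considered there.
//   - Patterns are globs: a pattern such as "*" also matches an Origin that
//     has no host (for example the literal value "null"), because the target
//     is then the empty string. Keep patterns as narrow as possible.
func authenticateOrigin(r *http.Request, originHosts []string) error {
	origin := r.Header.Get("Origin")
	if origin == "" {
		return nil
	}

	u, err := url.Parse(origin)
	if err != nil {
		return fmt.Errorf("failed to parse Origin header %q: %w", origin, err)
	}

	// Only treat the request as same-origin when the Origin really names a
	// host. Without the u.Host guard, an Origin that parses to an empty host
	// would compare equal to an empty r.Host and be accepted with no pattern
	// involved.
	if u.Host != "" && strings.EqualFold(r.Host, u.Host) {
		return nil
	}

	for _, hostPattern := range originHosts {
		// Scheme-qualified patterns are matched against scheme://host so an
		// operator can pin the scheme; bare patterns see the host only.
		target := u.Host
		if strings.Contains(hostPattern, "://") {
			target = u.Scheme + "://" + u.Host
		}
		matched, err := match(hostPattern, target)
		if err != nil {
			return fmt.Errorf("failed to parse path pattern %q: %w", hostPattern, err)
		}
		if matched {
			return nil
		}
	}

	// Checked after the patterns so that an explicitly configured pattern
	// still decides first; this branch only picks the clearer error message.
	if u.Host == "" {
		return fmt.Errorf("request Origin %q is not a valid URL with a host", origin)
	}
	return fmt.Errorf("request Origin %q is not authorized for Host %q", u.Host, r.Host)
}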
| 261 | |
| 262 | func match(pattern, s string) (bool, error) { |
| 263 | return path.Match(strings.ToLower(pattern), strings.ToLower(s)) |