hub / github.com/caddyserver/caddy / checkOrigin

Method checkOrigin

admin.go:942–957  ·  admin.go::adminHandler.checkOrigin

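checkOrigin ensures that the Origin header, if set, matches the intended target; this prevents arbitrary sites from issuing requests to our listener. It returns the origin that was obtained from r. In the listing below, a request for which getOrigin yields no parsed origin is rejected with 403 Forbidden (the error text calls the header "required"), as is a request whose origin fails originAllowed; on success the value returned is the parsed origin's String() form rather than the raw header text.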

(r *http.Request)

Source from the content-addressed store, hash-verified

// sites from issuing requests to our listener. It
// returns the origin that was obtained from r.
func (h adminHandler) checkOrigin(r *http.Request) (string, error) {
	// rawOrigin is the text getOrigin read from the request; parsedOrigin is
	// the *url.URL it produced. A nil URL is treated below as a missing or
	// invalid origin.
	rawOrigin, parsedOrigin := h.getOrigin(r)

	switch {
	case parsedOrigin == nil:
		// Fail closed: without a usable origin the request is refused
		// before originAllowed is ever consulted.
		return "", APIError{
			HTTPStatus: http.StatusForbidden,
			Err:        fmt.Errorf("required Origin header is missing or invalid"),
		}
	case !h.originAllowed(parsedOrigin):
		// rawOrigin comes from the request and is echoed verbatim into the
		// error, so whatever logs or renders this error should treat that
		// part of the message as untrusted input.
		return "", APIError{
			HTTPStatus: http.StatusForbidden,
			Err:        fmt.Errorf("client is not allowed to access from origin '%s'", rawOrigin),
		}
	}

	// Hand back the serialized form of the parsed URL (the value that was
	// actually checked), not the raw request string.
	return parsedOrigin.String(), nil
}
958
959func (h adminHandler) getOrigin(r *http.Request) (string, *url.URL) {
960 origin := r.Header.Get("Origin")

Callers 1

serveHTTPMethod · 0.95

Calls 3

getOriginMethod · 0.95
originAllowedMethod · 0.95
StringMethod · 0.45

Tested by

no test coverage detected