| 957 | } |
| 958 | |
| 959 | func (h adminHandler) getOrigin(r *http.Request) (string, *url.URL) { |
| 960 | origin := r.Header.Get("Origin") |
| 961 | if origin == "" { |
| 962 | origin = r.Header.Get("Referer") |
| 963 | } |
| 964 | originURL, err := url.Parse(origin) |
| 965 | if err != nil { |
| 966 | return origin, nil |
| 967 | } |
| 968 | originURL.Path = "" |
| 969 | originURL.RawPath = "" |
| 970 | originURL.Fragment = "" |
| 971 | originURL.RawFragment = "" |
| 972 | originURL.RawQuery = "" |
| 973 | return origin, originURL |
| 974 | } |
| 975 | |
| 976 | func (h adminHandler) originAllowed(origin *url.URL) bool { |
| 977 | for _, allowedOrigin := range h.allowedOrigins { |