MCPcopy
hub / github.com/gofiber/fiber / refererMatchesHost

Function refererMatchesHost

middleware/csrf/csrf.go:392–420  ·  view source on GitHub ↗

refererMatchesHost checks that the referer header matches the host header returns an error if the referer header is not present or is invalid returns nil if the referer header is valid

(c fiber.Ctx, trustedOrigins []string, trustedSubOrigins []subdomain)

Source from the content-addressed store, hash-verified

390// returns an error if the referer header is not present or is invalid
391// returns nil if the referer header is valid
392func refererMatchesHost(c fiber.Ctx, trustedOrigins []string, trustedSubOrigins []subdomain) error {
393 referer := utilsstrings.ToLower(c.Get(fiber.HeaderReferer))
394 if referer == "" {
395 return ErrRefererNotFound
396 }
397
398 refererURL, err := url.Parse(referer)
399 if err != nil {
400 return ErrRefererInvalid
401 }
402
403 if schemehost.Match(refererURL.Scheme, refererURL.Host, c.Scheme(), c.Host()) {
404 return nil
405 }
406
407 refererOrigin := refererURL.Scheme + "://" + refererURL.Host
408
409 if slices.Contains(trustedOrigins, refererOrigin) {
410 return nil
411 }
412
413 for _, trustedSubOrigin := range trustedSubOrigins {
414 if trustedSubOrigin.match(refererOrigin) {
415 return nil
416 }
417 }
418
419 return ErrRefererNoMatch
420}

Callers 1

NewFunction · 0.85

Calls 7

MatchFunction · 0.92
ContainsMethod · 0.80
GetMethod · 0.65
ParseMethod · 0.65
SchemeMethod · 0.65
HostMethod · 0.65
matchMethod · 0.45

Tested by

no test coverage detected