refererMatchesHost checks that the referer header matches the host header. It returns an error if the referer header is not present or is invalid, and returns nil if the referer header is valid.
(c fiber.Ctx, trustedOrigins []string, trustedSubOrigins []subdomain)
// refererMatchesHost validates the request's Referer header against the
// request's own scheme and host and against the configured trusted origins.
//
// It fails closed: an empty header yields ErrRefererNotFound, a header that
// url.Parse rejects yields ErrRefererInvalid, and a referer whose origin is
// accepted by none of the checks yields ErrRefererNoMatch. It returns nil as
// soon as one check accepts the referer.
func refererMatchesHost(c fiber.Ctx, trustedOrigins []string, trustedSubOrigins []subdomain) error {
	// NOTE(review): the header is lower-cased before any comparison, so the
	// entries in trustedOrigins presumably have to be lower-case already;
	// confirm where they are normalized.
	rawReferer := utilsstrings.ToLower(c.Get(fiber.HeaderReferer))
	if rawReferer == "" {
		return ErrRefererNotFound
	}

	parsed, parseErr := url.Parse(rawReferer)
	if parseErr != nil {
		return ErrRefererInvalid
	}

	// Only scheme and host take part in the checks; path and query are ignored.
	origin := parsed.Scheme + "://" + parsed.Host

	switch {
	case schemehost.Match(parsed.Scheme, parsed.Host, c.Scheme(), c.Host()):
		// Same origin as the request itself.
		return nil
	case slices.Contains(trustedOrigins, origin):
		// Exact string match against an explicitly trusted origin.
		return nil
	}

	// Last resort: the subdomain patterns, tried in slice order.
	for _, sub := range trustedSubOrigins {
		if sub.match(origin) {
			return nil
		}
	}

	return ErrRefererNoMatch
}