From a9cad86d38f0f5370102c0486477f3c1f860b674 Mon Sep 17 00:00:00 2001
From: TsMask <340112800@qq.com>
Date: Tue, 17 Oct 2023 19:17:16 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20refere=E5=BC=80=E5=90=AF=E5=90=8C?= =?UTF-8?q?=E6=97=B6=E7=B1=BB=E5=9E=8B=E6=BB=A1=E8=B6=B3=E6=89=8D=E6=94=AF?= =?UTF-8?q?=E6=8C=81?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 src/framework/middleware/security/referer.go | 22 +++++++++++---------
 1 file changed, 12 insertions(+), 10 deletions(-)
diff --git a/src/framework/middleware/security/referer.go b/src/framework/middleware/security/referer.go
index b716f7f4..f4e4ba2b 100644
--- a/src/framework/middleware/security/referer.go
+++ b/src/framework/middleware/security/referer.go
@@ -15,6 +15,9 @@ func referer(c *gin.Context) {
 if v := config.Get("security.csrf.enable"); v != nil {
 enable = v.(bool)
 }
+ if !enable {
+ return
+ }
 // csrf 校验类型
 okType := false
@@ -59,16 +62,15 @@ func referer(c *gin.Context) {
 }
 }
- if enable && okType {
- ok := false
- for _, domain := range refererWhiteList {
- if domain == host {
- ok = true
- }
- }
- if !ok {
- c.AbortWithStatusJSON(200, result.ErrMsg("无效 Referer "+host))
- return
+ // 遍历检查
+ ok := false
+ for _, domain := range refererWhiteList {
+ if domain == host {
+ ok = true
 }
 }
+ if !ok {
+ c.AbortWithStatusJSON(200, result.ErrMsg("无效 Referer "+host))
+ return
+ }
 }
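Review bot: The rewritten whitelist check at the end of `referer` no longer reads `okType`: the old guard was `if enable && okType`, and the first hunk replaces only the `enable` half with an early return. Unless the lines between the two hunks (not shown here) already return when the request type does not match, the whitelist is now enforced for every request type, which appears to differ from what the commit subject describes; a guard such as `if !okType { return }` placed before `// 遍历检查` would keep both conditions explicit. Separately, the rejection still answers with HTTP 200, so proxies, access logs and monitoring cannot tell a blocked request from a successful one; `c.AbortWithStatusJSON(403, result.ErrMsg(...))` would make rejected requests visible, provided existing clients do not depend on the 200. The loop can also `break` on the first match.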