fix: refere开启同时类型满足才支持

2023-10-17 19:17:16 +08:00
parent 1f65aa2852
commit a9cad86d38
1 changed files with 12 additions and 10 deletions
--- a/src/framework/middleware/security/referer.go
+++ b/src/framework/middleware/security/referer.go
@@ -15,6 +15,9 @@ func referer(c *gin.Context) {
 	if v := config.Get("security.csrf.enable"); v != nil {
 		enable = v.(bool)
 	}
+	if !enable {
+		return
+	}

 	// csrf 校验类型
 	okType := false
@@ -59,7 +62,7 @@ func referer(c *gin.Context) {
 		}
 	}

-	if enable && okType {
+	// 遍历检查
 	ok := false
 	for _, domain := range refererWhiteList {
 		if domain == host {
@@ -70,5 +73,4 @@ func referer(c *gin.Context) {
 		c.AbortWithStatusJSON(200, result.ErrMsg("无效 Referer "+host))
 		return
 	}
-	}
 }