32bitcafe/webweav.ing
1
1
Fork 0
Code Issues 12 Pull Requests Packages Projects 1 Releases Wiki Activity

Implement remote embedding of guestbooks #25

Merged
yequari merged 7 commits from clients into dev 2025-06-29 16:57:37 +00:00
Conversation 0 Commits 7 Files Changed 25 +15
2 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 306053b1e3 - Show all commits

5
cmd/web/handlers_guestbook.go
View File

@ -257,6 +257,11 @@ func (app *application) postGuestbookCommentCreateRemote(w http.ResponseWriter,
return
}
if normalizeUrl(r.Header.Get("Origin")) != normalizeUrl(website.SiteUrl) {
app.clientError(w, http.StatusForbidden)
return
}
if !website.Guestbook.CanComment() {
app.clientError(w, http.StatusForbidden)
return

10
cmd/web/helpers.go
View File

@ -7,6 +7,7 @@ import (
"net/http"
"runtime/debug"
"strconv"
"strings"
"time"
"git.32bit.cafe/32bitcafe/guestbook/internal/models"
@ -127,3 +128,12 @@ func (app *application) durationToTime(duration string) (time.Time, error) {
result = time.Now().UTC().Add(offset)
return result, nil
}
func normalizeUrl(url string) string {
r, f := strings.CutPrefix(url, "http://")
if f {
return r
}
r, _ = strings.CutPrefix(url, "https://")
return r
}