ivampiresp/Lae
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

改进 测试环境不生效

Browse Source
This commit is contained in:
iVampireSP.com 2023-02-14 20:11:32 +08:00
parent 03d4e7a6b8
commit bda41c34e5
No known key found for this signature in database
GPG Key ID: 2F7B001CA27A8132
1 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
app/Http/Middleware/Admin/ValidateReferer.php
View File

@ -15,14 +15,17 @@ class ValidateReferer
* *
* @param Request $request * @param Request $request
* @param Closure(Request): (Response|RedirectResponse) $next * @param Closure(Request): (Response|RedirectResponse) $next
*
* @return mixed * @return mixed
*/ */
public function handle(Request $request, Closure $next): mixed public function handle(Request $request, Closure $next): mixed
{ {
// return $next($request); if (app()->environment('local')) {
return $next($request);
}
// 如果 referer 不为空,且不是来自本站的请求,则返回 403 // 如果 referer 不为空,且不是来自本站的请求,则返回 403
if ($request->headers->get('referer') && ! Str::contains($request->headers->get('referer'), config('app.url'))) { if ($request->headers->get('referer') && !Str::contains($request->headers->get('referer'), config('app.url'))) {
abort(403, '来源不属于后台。'); abort(403, '来源不属于后台。');
} else { } else {
return $next($request); return $next($request);