We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
1 parent 9637208 commit 49e2012Copy full SHA for 49e2012
src/Movim/Daemon/Core.php
@@ -306,7 +306,11 @@ private function isTrustedConnection(ConnectionInterface $conn): bool
306
$daemonKeyHeader = $conn->httpRequest->getHeader('MOVIM_DAEMON_KEY');
307
$secFetchSiteHeader = $conn->httpRequest->getHeader('Sec-Fetch-Site');
308
309
+ $sameOrigin = (is_array($secFetchSiteHeader) && !empty($secFetchSiteHeader))
310
+ ? $secFetchSiteHeader[0] == 'same-origin'
311
+ : parse_url($conn->httpRequest->getHeader('Origin')[0], PHP_URL_HOST) == parse_url($this->baseuri, PHP_URL_HOST);
312
+
313
return (is_array($daemonKeyHeader) && !empty($daemonKeyHeader) && $daemonKeyHeader[0] === $this->key)
- || (is_array($secFetchSiteHeader) && !empty($secFetchSiteHeader) && $secFetchSiteHeader[0] == 'same-origin');
314
+ || $sameOrigin;
315
}
316
0 commit comments