From e965df87d3febb1bbe171e95042e5dd0b4f853b5 Mon Sep 17 00:00:00 2001
From: devinxl
Date: Wed, 10 Apr 2024 20:51:59 +0800
Subject: [PATCH] chore(dcellar-web-ui): just for test

---
 .../src/pages/api/bill_monthly/[[...slug]].ts | 2 ++
 apps/dcellar-web-ui/src/utils/req.ts | 8 ++++++++
 2 files changed, 10 insertions(+)

diff --git a/apps/dcellar-web-ui/src/pages/api/bill_monthly/[[...slug]].ts b/apps/dcellar-web-ui/src/pages/api/bill_monthly/[[...slug]].ts
index 545a7ff1..3b52dc70 100644
--- a/apps/dcellar-web-ui/src/pages/api/bill_monthly/[[...slug]].ts
+++ b/apps/dcellar-web-ui/src/pages/api/bill_monthly/[[...slug]].ts
@@ -5,6 +5,8 @@ import { NextApiRequest, NextApiResponse } from 'next';
 import qs from 'query-string';
 const handler = async (req: NextApiRequest, res: NextApiResponse) => {
+ console.error('req.headers.referer', req.headers.referer);
+ console.error('ALLOWED_DOMAINS', ALLOWED_DOMAINS);
 if (!isRefererAllowed(req.headers.referer || '', ALLOWED_DOMAINS)) {
 res.status(403).json({ message: 'Forbidden' });
 }
diff --git a/apps/dcellar-web-ui/src/utils/req.ts b/apps/dcellar-web-ui/src/utils/req.ts
index 2e206700..fad8884f 100644
--- a/apps/dcellar-web-ui/src/utils/req.ts
+++ b/apps/dcellar-web-ui/src/utils/req.ts
@@ -1,6 +1,7 @@
 const validLocalhostDomains: readonly string[] = ['localhost', '127.0.0.1', '::1'];

 export function isRefererAllowed(referrerURL: string, allowedDomainList: string): boolean {
+ console.log('referrerURL:', referrerURL);
 if (!referrerURL) {
 return false;
 }
@@ -11,5 +12,12 @@ export function isRefererAllowed(referrerURL: string, allowedDomainList: string)
 .map((domain) => domain.trim())
 .concat(validLocalhostDomains);

+ console.error('domain:', domain);
+ console.error('domains:', domains);
+ console.error(
+ 'domains.some:',
+ domains.some((allowedDomain) => domain.endsWith(allowedDomain)),
+ );
+
 return domains.some((allowedDomain) => domain.endsWith(allowedDomain));
 }
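Review bot: The 403 branch in `handler` sends the response but does not return, so execution falls through to the rest of the handler (which continues outside this hunk) even when the Referer check fails; make it `return res.status(403).json({ message: 'Forbidden' });`. The two added `console.error` calls write the client-supplied Referer header and the `ALLOWED_DOMAINS` setting to the error log on every request, and the `console.log`/`console.error` lines added in both `req.ts` hunks do the same inside `isRefererAllowed`. Because the header is unvalidated client text, these lines should be dropped before merge or moved behind a debug flag. Referer is chosen by the client, so this check limits casual cross-site use from browsers and should not be relied on as authorization.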
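Review bot: The suffix test `domain.endsWith(allowedDomain)`, kept as the return value and now evaluated a second time inside the added `console.error`, has no label boundary, so a host that merely ends with an allowed string is accepted, not only the allowed domain and its subdomains (`domain` is derived above this hunk, presumably from the Referer's hostname). Compare on a boundary instead: `domains.some((d) => domain === d || domain.endsWith('.' + d))`. If the part of `isRefererAllowed` outside this hunk does not drop empty entries from `allowedDomainList`, an empty entry would match every host because `endsWith('')` is always true; confirm that, and add `.filter(Boolean)` after the `.trim()` map if it is missing. The debug block duplicates the `some()` scan and should be removed once the test is done.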