Skip to content

Commit

Permalink
fixes #3: disable host check via env added
Browse files Browse the repository at this point in the history
  • Loading branch information
@therohitdas
therohitdas committed Jan 30, 2022
1 parent ac97fa1 commit 3ef1f0a
Showing 1 changed file with 6 additions and 3 deletions.
9 changes: 6 additions & 3 deletions image.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@
$allowed_hosts = getenv("ALLOWED_HOST");
$allowed_hosts = strtolower($allowed_hosts);
$allowed_hosts = explode(",", $allowed_hosts);
$disable_host_check = getenv("DISABLE_HOST_CHECK") === "true";

if (array_key_exists('HTTP_ORIGIN', $_SERVER)) {
$origin = $_SERVER['HTTP_ORIGIN'];
Expand Down Expand Up @@ -86,9 +87,11 @@
}
elseif ($_SERVER["REQUEST_METHOD"] == "GET") {
// allowed host check
if ($origin !== false && (!in_array($origin, $allowed_hosts))) {
echo json_encode(array("error" => "Unauthorized"));
die();
if (!$disable_host_check){
if ($origin !== false && (!in_array($origin, $allowed_hosts))) {
echo json_encode(array("error" => "Unauthorized"));
die();
}
}
if (isset($_GET["id"]) && strlen($_GET["id"]) <= 10) {
if ($imageUploader->exists($_GET["id"])) {
Expand Down

0 comments on commit 3ef1f0a

Please sign in to comment.