moon
/
bloat
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Make redirection work without Referer header

This commit is contained in:
r 2021-01-17 05:44:07 +00:00
parent e8bfd3093b
commit f4620a8c69
10 changed files with 61 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
renderer/model.go
View File

@ -14,6 +14,7 @@ type Context struct {
CSRFToken string
UserID string
AntiDopamineMode bool
Referrer string
}
type NavData struct {

11
service/service.go
View File

@ -58,9 +58,11 @@ func NewService(clientName string,
func getRendererContext(c *client) *renderer.Context {
var settings model.Settings
var session model.Session
var referrer string
if c != nil {
settings = c.Session.Settings
session = c.Session
referrer = c.url()
} else {
settings = *model.NewSettings()
}
@ -73,6 +75,7 @@ func getRendererContext(c *client) *renderer.Context {
CSRFToken: session.CSRFToken,
UserID: session.UserID,
AntiDopamineMode: settings.AntiDopamineMode,
Referrer: referrer,
}
}
@ -545,7 +548,7 @@ func (s *service) UserSearchPage(c *client,
if len(results.Statuses) == 20 {
offset += 20
nextLink = fmt.Sprintf("/usersearch/%s?q=%s&offset=%d", id,
nextLink = fmt.Sprintf("/usersearch/%s?q=%s&offset=%d", id,
url.QueryEscape(q), offset)
}
@ -608,7 +611,7 @@ func (s *service) SearchPage(c *client,
if (qType == "accounts" && len(results.Accounts) == 20) ||
(qType == "statuses" && len(results.Statuses) == 20) {
offset += 20
nextLink = fmt.Sprintf("/search?q=%s&type=%s&offset=%d",
nextLink = fmt.Sprintf("/search?q=%s&type=%s&offset=%d",
url.QueryEscape(q), qType, offset)
}
@ -721,7 +724,7 @@ func (s *service) NewSession(instance string) (rurl string, sid string, err erro
return
}
func (s *service) Signin(c *client, code string) (token string,
func (s *service) Signin(c *client, code string) (token string,
userID string, err error) {
if len(code) < 1 {
@ -747,7 +750,7 @@ func (s *service) Signout(c *client) (err error) {
return
}
func (s *service) Post(c *client, content string, replyToID string,
func (s *service) Post(c *client, content string, replyToID string,
format string, visibility string, isNSFW bool,
files []*multipart.FileHeader) (id string, err error) {

48
service/transport.go
View File

@ -46,6 +46,10 @@ type client struct {
Session model.Session
}
func (c *client) url() string {
return c.Req.URL.RequestURI()
}
func setSessionCookie(w http.ResponseWriter, sid string, exp time.Duration) {
http.SetCookie(w, &http.Cookie{
Name: "session_id",
@ -301,7 +305,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
return err
}
location := c.Req.Header.Get("Referer")
location := c.Req.FormValue("referrer")
if len(replyToID) > 0 {
location = "/thread/" + replyToID + "#status-" + id
}
@ -319,7 +323,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
if len(rid) > 0 {
id = rid
}
redirect(c, c.Req.Header.Get("Referer")+"#status-"+id)
redirect(c, c.Req.FormValue("referrer")+"#status-"+id)
return nil
}, CSRF, HTML)
@ -333,7 +337,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
if len(rid) > 0 {
id = rid
}
redirect(c, c.Req.Header.Get("Referer")+"#status-"+id)
redirect(c, c.Req.FormValue("referrer")+"#status-"+id)
return nil
}, CSRF, HTML)
@ -347,7 +351,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
if len(rid) > 0 {
id = rid
}
redirect(c, c.Req.Header.Get("Referer")+"#status-"+id)
redirect(c, c.Req.FormValue("referrer")+"#status-"+id)
return nil
}, CSRF, HTML)
@ -361,7 +365,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
if len(rid) > 0 {
id = rid
}
redirect(c, c.Req.Header.Get("Referer")+"#status-"+id)
redirect(c, c.Req.FormValue("referrer")+"#status-"+id)
return nil
}, CSRF, HTML)
@ -373,7 +377,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
if err != nil {
return err
}
redirect(c, c.Req.Header.Get("Referer")+"#status-"+statusID)
redirect(c, c.Req.FormValue("referrer")+"#status-"+statusID)
return nil
}, CSRF, HTML)
@ -389,7 +393,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
if err != nil {
return err
}
redirect(c, c.Req.Header.Get("Referer"))
redirect(c, c.Req.FormValue("referrer"))
return nil
}, CSRF, HTML)
@ -399,7 +403,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
if err != nil {
return err
}
redirect(c, c.Req.Header.Get("Referer"))
redirect(c, c.Req.FormValue("referrer"))
return nil
}, CSRF, HTML)
@ -409,7 +413,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
if err != nil {
return err
}
redirect(c, c.Req.Header.Get("Referer"))
redirect(c, c.Req.FormValue("referrer"))
return nil
}, CSRF, HTML)
@ -419,7 +423,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
if err != nil {
return err
}
redirect(c, c.Req.Header.Get("Referer"))
redirect(c, c.Req.FormValue("referrer"))
return nil
}, CSRF, HTML)
@ -429,7 +433,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
if err != nil {
return err
}
redirect(c, c.Req.Header.Get("Referer"))
redirect(c, c.Req.FormValue("referrer"))
return nil
}, CSRF, HTML)
@ -439,7 +443,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
if err != nil {
return err
}
redirect(c, c.Req.Header.Get("Referer"))
redirect(c, c.Req.FormValue("referrer"))
return nil
}, CSRF, HTML)
@ -449,7 +453,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
if err != nil {
return err
}
redirect(c, c.Req.Header.Get("Referer"))
redirect(c, c.Req.FormValue("referrer"))
return nil
}, CSRF, HTML)
@ -459,7 +463,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
if err != nil {
return err
}
redirect(c, c.Req.Header.Get("Referer"))
redirect(c, c.Req.FormValue("referrer"))
return nil
}, CSRF, HTML)
@ -469,7 +473,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
if err != nil {
return err
}
redirect(c, c.Req.Header.Get("Referer"))
redirect(c, c.Req.FormValue("referrer"))
return nil
}, CSRF, HTML)
@ -479,7 +483,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
if err != nil {
return err
}
redirect(c, c.Req.Header.Get("Referer"))
redirect(c, c.Req.FormValue("referrer"))
return nil
}, CSRF, HTML)
@ -522,7 +526,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
if err != nil {
return err
}
redirect(c, c.Req.Header.Get("Referer"))
redirect(c, c.Req.FormValue("referrer"))
return nil
}, CSRF, HTML)
@ -532,7 +536,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
if err != nil {
return err
}
redirect(c, c.Req.Header.Get("Referer"))
redirect(c, c.Req.FormValue("referrer"))
return nil
}, CSRF, HTML)
@ -542,7 +546,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
if err != nil {
return err
}
redirect(c, c.Req.Header.Get("Referer"))
redirect(c, c.Req.FormValue("referrer"))
return nil
}, CSRF, HTML)
@ -553,7 +557,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
if err != nil {
return err
}
redirect(c, c.Req.Header.Get("Referer"))
redirect(c, c.Req.FormValue("referrer"))
return nil
}, CSRF, HTML)
@ -567,7 +571,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
if len(rid) > 0 {
id = rid
}
redirect(c, c.Req.Header.Get("Referer")+"#status-"+id)
redirect(c, c.Req.FormValue("referrer")+"#status-"+id)
return nil
}, CSRF, HTML)
@ -581,7 +585,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
if len(rid) > 0 {
id = rid
}
redirect(c, c.Req.Header.Get("Referer")+"#status-"+id)
redirect(c, c.Req.FormValue("referrer")+"#status-"+id)
return nil
}, CSRF, HTML)

1
templates/nav.tmpl
View File

@ -25,6 +25,7 @@
<a class="nav-link" href="/settings" target="_top" accesskey="7" title="Settings (7)">settings</a>
<form class="signout" action="/signout" method="post" target="_top">
<input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
<input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
<input type="submit" value="signout" class="btn-link nav-link" accesskey="8" title="Signout (8)">
</form>
</div>

3
templates/notification.tmpl
View File

@ -11,6 +11,7 @@
{{if .ReadID}}
<form class="notification-read" action="/notifications/read?max_id={{.ReadID}}" method="post" target="_self">
<input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
<input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
<input type="submit" value="read" class="btn-link" accesskey="C" title="Clear unread notifications (C)">
</form>
{{end}}
@ -57,11 +58,13 @@
</div>
<form class="d-inline" action="/accept/{{.Account.ID}}" method="post" target="_self">
<input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
<input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
<input type="submit" value="accept" class="btn-link">
</form>
-
<form class="d-inline" action="/reject/{{.Account.ID}}" method="post" target="_self">
<input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
<input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
<input type="submit" value="reject" class="btn-link">
</form>
</div>

1
templates/postform.tmpl
View File

@ -1,6 +1,7 @@
{{with .Data}}
<form class="post-form" action="/post" method="POST" enctype="multipart/form-data" target="_self">
<input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
<input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
{{if .ReplyContext}}
<input type="hidden" name="reply_to_id" value="{{.ReplyContext.InReplyToID}}" />
<label for="post-content" class="post-form-title"> Reply to {{.ReplyContext.InReplyToName}} </label>

2
templates/requestlist.tmpl
View File

@ -16,11 +16,13 @@
</div>
<form class="d-inline" action="/accept/{{.ID}}" method="post" target="_self">
<input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
<input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
<input type="submit" value="accept" class="btn-link">
</form>
-
<form class="d-inline" action="/reject/{{.ID}}" method="post" target="_self">
<input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
<input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
<input type="submit" value="reject" class="btn-link">
</form>
</div>

1
templates/settings.tmpl
View File

@ -4,6 +4,7 @@
<form id="settings-form" action="/settings" method="POST">
<input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
<input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
<div class="settings-form-field">
<label for="visibility"> Default format </label>
{{$defFormat := .Settings.DefaultFormat}}

8
templates/status.tmpl
View File

@ -38,23 +38,27 @@
{{if .Muted}}
<form action="/unmuteconv/{{.ID}}" method="post" target="_self">
<input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
<input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
<input type="submit" value="unmute" class="btn-link more-link">
</form>
{{else}}
<form action="/muteconv/{{.ID}}" method="post" target="_self">
<input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
<input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
<input type="submit" value="mute" class="btn-link more-link">
</form>
{{end}}
{{if .Bookmarked}}
<form action="/unbookmark/{{.ID}}" method="post" target="_self">
<input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
<input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
<input type="hidden" name="retweeted_by_id" value="{{.RetweetedByID}}">
<input type="submit" value="unbookmark" class="btn-link more-link">
</form>
{{else}}
<form action="/bookmark/{{.ID}}" method="post" target="_self">
<input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
<input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
<input type="hidden" name="retweeted_by_id" value="{{.RetweetedByID}}">
<input type="submit" value="bookmark" class="btn-link more-link">
</form>
@ -62,6 +66,7 @@
{{if eq $.Ctx.UserID .Account.ID}}
<form action="/delete/{{.ID}}" method="post" target="_self">
<input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
<input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
<input type="submit" value="delete" class="btn-link more-link">
</form>
{{end}}
@ -143,6 +148,7 @@
{{if .Poll}}
<form class="poll-form" action="/vote/{{.Poll.ID}}" method="POST" target="_self">
<input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
<input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
<input type="hidden" name="status_id" value="{{$s.ID}}">
{{range $i, $o := .Poll.Options}}
<div class="poll-option">
@ -195,6 +201,7 @@
{{$rt := "retweet"}} {{if .Reblogged}} {{$rt = "unretweet"}} {{end}}
<form class="status-retweet" data-action="{{$rt}}" action="/{{$rt}}/{{.ID}}" method="post" target="_self">
<input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
<input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
<input type="hidden" name="retweeted_by_id" value="{{.RetweetedByID}}">
<input type="submit" value="{{$rt}}" class="btn-link">
<a class="status-retweet-count" href="/retweetedby/{{.ID}}" title="click to see the the list">
@ -209,6 +216,7 @@
{{$like := "like"}} {{if .Favourited}} {{$like = "unlike"}} {{end}}
<form class="status-like" data-action="{{$like}}" action="/{{$like}}/{{.ID}}" method="post" target="_self">
<input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
<input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
<input type="hidden" name="retweeted_by_id" value="{{.RetweetedByID}}">
<input type="submit" value="{{$like}}" class="btn-link">
<a class="status-like-count" href="/likedby/{{.ID}}" title="click to see the the list">

11
templates/user.tmpl
View File

@ -23,11 +23,13 @@
{{if .User.Pleroma.Relationship.Following}}
<form class="d-inline" action="/unfollow/{{.User.ID}}" method="post">
<input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
<input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
<input type="submit" value="unfollow" class="btn-link">
</form>
{{else}}
<form class="d-inline" action="/follow/{{.User.ID}}" method="post">
<input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
<input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
<input type="submit" value="{{if .User.Pleroma.Relationship.Requested}}resend request{{else}}follow{{end}}" class="btn-link">
</form>
{{end}}
@ -35,6 +37,7 @@
-
<form class="d-inline" action="/unfollow/{{.User.ID}}" method="post">
<input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
<input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
<input type="submit" value="cancel request" class="btn-link">
</form>
{{end}}
@ -42,11 +45,13 @@
{{if .User.Pleroma.Relationship.Subscribing}}
<form class="d-inline" action="/unsubscribe/{{.User.ID}}" method="post">
<input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
<input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
<input type="submit" value="unsubscribe" class="btn-link">
</form>
{{else}}
<form class="d-inline" action="/subscribe/{{.User.ID}}" method="post">
<input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
<input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
<input type="submit" value="subscribe" class="btn-link">
</form>
{{end}}
@ -55,11 +60,13 @@
{{if .User.Pleroma.Relationship.Blocking}}
<form class="d-inline" action="/unblock/{{.User.ID}}" method="post">
<input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
<input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
<input type="submit" value="unblock" class="btn-link">
</form>
{{else}}
<form class="d-inline" action="/block/{{.User.ID}}" method="post">
<input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
<input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
<input type="submit" value="block" class="btn-link">
</form>
{{end}}
@ -67,11 +74,13 @@
{{if .User.Pleroma.Relationship.Muting}}
<form class="d-inline" action="/unmute/{{.User.ID}}" method="post">
<input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
<input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
<input type="submit" value="unmute" class="btn-link">
</form>
{{else}}
<form class="d-inline" action="/mute/{{.User.ID}}" method="post">
<input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
<input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
<input type="submit" value="mute" class="btn-link">
</form>
{{end}}
@ -80,11 +89,13 @@
{{if .User.Pleroma.Relationship.ShowingReblogs}}
<form class="d-inline" action="/follow/{{.User.ID}}?reblogs=false" method="post">
<input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
<input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
<input type="submit" value="hide retweets" class="btn-link">
</form>
{{else}}
<form class="d-inline" action="/follow/{{.User.ID}}" method="post">
<input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
<input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
<input type="submit" value="show retweets" class="btn-link">
</form>
{{end}}