
update
peter-mw committed Sep 9, 2021
1 parent 3aafae5 commit 7818115
Showing 1 changed file with 24 additions and 20 deletions.
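--- a/src/MicroweberPackages/App/Http/Controllers/FrontendController.php
+++ b/src/MicroweberPackages/App/Http/Controllers/FrontendController.php
@@ -508,26 +508,30 @@ public function api($api_function = false, $params = false)
 }
 
 if (in_array($api_function, $api_auth_exposed)) {
-$request = request();
-$request->merge($_GET);
-$request->merge($_POST);
-$ref = $request->headers->get('referer');
-
-$same_site = app()->make(SameSiteRefererMiddleware::class);
-$is_same_site = $same_site->isSameSite($ref);
-
-if (!$is_same_site) {
-$bearer_token = $request->bearerToken();
-$is_bearer_token_valid = false;
-if($bearer_token){
-$validator = app()->make(ApiAuth::class);
-$is_bearer_token_valid = $validator->validateBearerToken($bearer_token);
-}
-if (!$is_bearer_token_valid) {
-$validator = app()->make(VerifyCsrfTokenHelper::class);
-$is_token_valid = $validator->isValid($request);
-if (!$is_token_valid) {
-App::abort(403, 'Unauthorized action. Token is invalid for the API function.');
+if($api_function != 'clearcache') {
+
+
+$request = request();
+$request->merge($_GET);
+$request->merge($_POST);
+$ref = $request->headers->get('referer');
+
+$same_site = app()->make(SameSiteRefererMiddleware::class);
+$is_same_site = $same_site->isSameSite($ref);
+
+if (!$is_same_site) {
+$bearer_token = $request->bearerToken();
+$is_bearer_token_valid = false;
+if ($bearer_token) {
+$validator = app()->make(ApiAuth::class);
+$is_bearer_token_valid = $validator->validateBearerToken($bearer_token);
+}
+if (!$is_bearer_token_valid) {
+$validator = app()->make(VerifyCsrfTokenHelper::class);
+$is_token_valid = $validator->isValid($request);
+if (!$is_token_valid) {
+App::abort(403, 'Unauthorized action. Token is invalid for the API function.');
+}
 }
 }
 }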
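Review bot: The new guard `if($api_function != 'clearcache')` at the top of the added block skips the same-site referer check, the bearer-token check and the CSRF-token check together, so a cross-origin request naming the `clearcache` API function is no longer rejected at this point; unless clearcache is authorised further down in `api()` (outside this hunk), any third-party page can make a visitor's browser trigger a cache flush. If the goal is only to let a non-browser client purge the cache, exempt that function from the referer test but still require a valid bearer token or CSRF token, rather than bypassing all three checks. The exemption also deserves a why-comment, e.g. `// clearcache is exempt from the same-site/CSRF guard because: <reason>`, and the comparison should be strict: `if ($api_function !== 'clearcache') {`. The enclosing `api()` method starts above and continues below this hunk, so the exemption's full effect cannot be confirmed from here.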
