Preventing CSRF in /file_manager/fm_api.php

myvesta · Aug 28, 2021 · 0336e8b · 0336e8b
1 parent 9277b37
commit 0336e8b
Showing 1 changed file with 1 addition and 9 deletions.
diff --git a/web/file_manager/fm_api.php b/web/file_manager/fm_api.php
@@ -3,15 +3,7 @@
 //error_reporting(NULL);
 
 // Preventing CSRF
-if ($_SERVER['REQUEST_METHOD']=='POST') {
-    $host_arr=explode(":", $_SERVER['HTTP_HOST']);
-    $hostname=$host_arr[0];
-    $port = $_SERVER['SERVER_PORT'];
-    $expected_http_origin="https://".$hostname.":".$port;
-    if ($_SERVER['HTTP_ORIGIN'] != $expected_http_origin) {
-        die ("Nope.");
-    }
-}
+prevent_post_csrf(true);
 
 header('Content-Type: application/json');