fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-01-06 18:21:39 +09:00
Code Issues Projects Releases Packages Wiki Activity

Refactor checkCSRF() to use Sec-Fetch-Site and Origin headers

Browse source 
- 최근 브라우저에서 지원하는 헤더를 사용하여 더 정확하게 체크
- Sec-Fetch-Site, Origin 헤더를 지원하지 않는 경우 기존처럼 Referer 체크
- CSRF 토큰은 더이상 기본 방법보다 보안이 더 뛰어나다고 말하기 힘듬
This commit is contained in:
Kijin Sung 2025-10-22 22:53:45 +09:00
parent f536f0f382
commit e2124ed1c0
4 changed files with 97 additions and 39 deletions
Download patch file Download diff file Expand all files Collapse all files

2
modules/admin/lang/en.php
View file

@ -187,7 +187,7 @@ $lang->about_use_session_ssl = 'Force the session to be SSL-only.<br>This helps
$lang->use_cookies_ssl = 'Use SSL-only cookies';
$lang->about_use_cookies_ssl = 'Force all cookies to be SSL-only.';
$lang->check_csrf_token = 'Use CSRF tokens';
$lang->about_check_csrf_token = 'Use CSRF tokens to validate requests. This is more secure but may break some functionality.<br>If not selected, Rhymix will use only the Referer header to defend against CSRF attacks.';
$lang->about_check_csrf_token = 'Use CSRF tokens to validate requests. This may break some functionality.<br>If not selected, Rhymix will use headers such as Sec-Fetch-Site and Origin to block CSRF attacks.';
$lang->use_nofollow = 'Add nofollow attribute to Links';
$lang->about_use_nofollow = 'Add rel=&quot;nofollow&quot; to all links submitted by users in order to reduce the effectiveness of spamming.<br>This does not apply to content submitted by the administrator.';
$lang->use_object_cache = 'Use Cache';