slickage / baron

Baron is a Bitcoin payment processor that anyone can deploy

Limit QR to referrer of its own hostname #49

Closed wtogami closed 10 years ago

wtogami commented 10 years ago

(Low priority)

req.headers['referer'] contains the referring URL that displays the QR image. If the hostname portion matches req.port then render the QR code, otherwise reject with a 400-level error.

wtogami commented 10 years ago

1c961a8c93cdaf33806444fae7d90a015e7e67b5
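
The check proposed in this issue, as an added example that is not Baron's code and is not taken from the commit referenced above. It assumes the comparison is made against the hostname in the request's own `Host` header; the function names, the sample hostnames, and the choice of 403 as the 400-level status are hypothetical.

```javascript
// Added example: same-host Referer check for a QR image route.
// Function names and the 403 status are assumptions, not Baron's code.

// Extract the lowercase hostname from a Host header value ("example.com:8080").
function hostnameFromHostHeader(hostHeader) {
  if (typeof hostHeader !== 'string' || hostHeader === '') return null;
  try {
    // Parse via URL so the port is stripped consistently.
    return new URL('http://' + hostHeader).hostname.toLowerCase();
  } catch (e) {
    return null;
  }
}

// True only when the Referer is an absolute http(s) URL whose hostname
// equals the hostname this request was addressed to.
function refererMatchesHost(refererHeader, hostHeader) {
  const own = hostnameFromHostHeader(hostHeader);
  if (own === null || typeof refererHeader !== 'string') return false;
  let ref;
  try {
    ref = new URL(refererHeader);
  } catch (e) {
    return false; // malformed Referer
  }
  if (ref.protocol !== 'http:' && ref.protocol !== 'https:') return false;
  // Exact comparison: substring or suffix tests would accept
  // "pay.example.com.other.test" or "other.test/?u=pay.example.com".
  return ref.hostname.toLowerCase() === own;
}

// Status the QR route would answer with (request headers in, status code out).
function qrStatusFor(headers) {
  return refererMatchesHost(headers['referer'], headers['host']) ? 200 : 403;
}

// Constructed sample requests.
const samples = [
  { host: 'pay.example.com:8080', referer: 'https://pay.example.com:8080/invoices/abc' },
  { host: 'pay.example.com', referer: 'https://other.test/?u=pay.example.com' },
  { host: 'pay.example.com', referer: 'https://pay.example.com.other.test/' },
  { host: 'pay.example.com' }, // no Referer sent
];
for (const h of samples) console.log(h.referer || '(none)', '->', qrStatusFor(h));
```

Browsers omit `Referer` under a strict `Referrer-Policy`, and the header is set by the client, so this check limits third-party pages embedding the image rather than authenticating the requester.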