trevorturk / flash_cookie_session

Rails 3 cookie sessions can cooperate with Flash

Issue with HTTP_REFERER regular expression. #19

Closed tristandunn closed 10 years ago

tristandunn commented 10 years ago

The HTTP_REFERER matcher in middleware.rb:9 is giving us some issues.

Say we have a user named "swfdeveloper", which is then used in the URL for profiles (http://dribbble.com/swfdeveloper). Then any link leaving that page has that URL as the referrer, which matches the /.swf/ matcher.

At minimum the period should be escaped:

if env['HTTP_USER_AGENT'] =~ /^(Adobe|Shockwave) Flash/ ||
  env['HTTP_REFERER'] =~ /\.swf/

Even better I think would be to match at the end of the URL, ignoring queries if they are included:

# .to_s guards against a request with no Referer header (nil would raise NoMethodError on split)
referrer = env['HTTP_REFERER'].to_s.split('?').first

if env['HTTP_USER_AGENT'] =~ /^(Adobe|Shockwave) Flash/ ||
  referrer =~ /\.swf$/

If we decide on a solution here I'm happy to provide a pull request, as we're going to be monkey-patching a solution in.

Also, this could possibly be related to #18 but I'm not 100%.
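To make the difference between the three matchers concrete, here is an added example that is not code from the flash_cookie_session gem or from either participant. It runs the matcher quoted from middleware.rb:9, the escaped variant, and the end-anchored variant over constructed Rack env hashes. The anchored variant goes slightly beyond the suggestion above: it parses the referrer with URI so a "#fragment" is dropped along with the query string, guards against a missing Referer header, and matches ".SWF" case-insensitively. All hosts and paths except the dribbble.com profile URL quoted in the issue are hypothetical.

```ruby
# Added example, not code from the flash_cookie_session gem: runs the three
# HTTP_REFERER matchers discussed in this issue against constructed Rack
# env hashes so the difference is visible, and layers nil and fragment
# handling on the end-anchored variant.
require 'uri'

FLASH_USER_AGENT = /^(Adobe|Shockwave) Flash/

def flash_user_agent?(env)
  !!(env['HTTP_USER_AGENT'].to_s =~ FLASH_USER_AGENT)
end

# Matcher as quoted from middleware.rb:9: the unescaped "." matches any
# character, so a referrer like ".../swfdeveloper" qualifies via "/swf".
def flash_request_original?(env)
  flash_user_agent?(env) || !!(env['HTTP_REFERER'].to_s =~ /.swf/)
end

# First suggestion: escape the period so only a literal ".swf" matches.
# Still true for ".swf" anywhere in the URL, e.g. a "/.swf-assets/" directory.
def flash_request_escaped?(env)
  flash_user_agent?(env) || !!(env['HTTP_REFERER'].to_s =~ /\.swf/)
end

# Second suggestion, hardened: anchor at the end of the URL *path*.
# Parsing with URI rather than split('?') also drops a "#fragment"; the
# nil/empty guard keeps a request without a Referer from raising; \z is
# end-of-string (unlike $, which is end-of-line); /i tolerates ".SWF".
def flash_request_anchored?(env)
  return true if flash_user_agent?(env)

  referrer = env['HTTP_REFERER']
  return false if referrer.nil? || referrer.empty?

  path = begin
    URI(referrer).path
  rescue URI::InvalidURIError
    referrer.split('?').first.to_s # fall back to the issue's own approach
  end
  !!(path =~ /\.swf\z/i)
end

# Runs all three matchers on one env; returns { original:, escaped:, anchored: }.
def classify(env)
  {
    original: flash_request_original?(env),
    escaped:  flash_request_escaped?(env),
    anchored: flash_request_anchored?(env),
  }
end

# Constructed sample requests; hosts and paths other than the profile URL
# quoted in the issue are hypothetical.
SAMPLE_ENVS = {
  profile_page:      { 'HTTP_USER_AGENT' => 'Mozilla/5.0', 'HTTP_REFERER' => 'http://dribbble.com/swfdeveloper' },
  swf_with_query:    { 'HTTP_USER_AGENT' => 'Mozilla/5.0', 'HTTP_REFERER' => 'http://example.com/player.swf?cache=1' },
  swf_with_fragment: { 'HTTP_USER_AGENT' => 'Mozilla/5.0', 'HTTP_REFERER' => 'http://example.com/player.swf#frame' },
  swf_directory:     { 'HTTP_USER_AGENT' => 'Mozilla/5.0', 'HTTP_REFERER' => 'http://example.com/.swf-assets/page.html' },
  flash_player:      { 'HTTP_USER_AGENT' => 'Shockwave Flash' },
  no_referer:        { 'HTTP_USER_AGENT' => 'Mozilla/5.0' },
}.freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLE_ENVS.each do |name, env|
    printf "%-18s %p\n", name, classify(env)
  end
end
```

Running the script prints one line per sample request: the profile page is flagged only by the original matcher, the ".swf-assets" directory is flagged by the original and escaped matchers but not by the anchored one, and the fragment case is caught by the anchored matcher only because URI#path discards "#frame", which a plain split('?') would not.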

trevorturk commented 10 years ago

PR welcome!