diff --git a/app/controllers/attachments_controller.rb b/app/controllers/attachments_controller.rb index 0ee0363af..0746f3d1b 100644 --- a/app/controllers/attachments_controller.rb +++ b/app/controllers/attachments_controller.rb @@ -30,8 +30,7 @@ class AttachmentsController < ApplicationController def get_file - Rails.logger.info("request.host===#{request.host}") - Rails.logger.info("request.referer===#{request.referer}") + tip_exception(403, "你没有权限访问") if request.host.present? && !request.referer.to_s.include?(request.host.to_s.gsub("www.","")) normal_status(-1, "参数缺失") if params[:download_url].blank? url = base_url.starts_with?("https:") ? params[:download_url].to_s.gsub("http:", "https:") : params[:download_url].to_s md5_file = Digest::MD5.hexdigest(params[:download_url])