fixed get_file request.referer 防盗链

2024-10-17 16:06:26 +08:00 · 2024-10-17 16:06:26 +08:00 · 84a46a1042
parent d887eb5d41
commit 84a46a1042
1 changed files with 1 additions and 2 deletions
--- a/app/controllers/attachments_controller.rb
+++ b/app/controllers/attachments_controller.rb
@ -30,8 +30,7 @@ class AttachmentsController < ApplicationController


  def get_file
-    Rails.logger.info("request.host===#{request.host}")
-    Rails.logger.info("request.referer===#{request.referer}")
+    tip_exception(403, "你没有权限访问") if request.host.present? && !request.referer.to_s.include?(request.host.to_s.gsub("www.",""))
    normal_status(-1, "参数缺失") if params[:download_url].blank?
    url = base_url.starts_with?("https:") ? params[:download_url].to_s.gsub("http:", "https:") : params[:download_url].to_s
    md5_file  = Digest::MD5.hexdigest(params[:download_url])