Comment on So I kind of set up another level of security well not really more of a gate to
webfan@inne.city 2 weeks ago
@pasjrwoctx I did not test it yet, but I believe you should exclude the /inbox route e.g. too?
Comment on So I kind of set up another level of security well not really more of a gate to
webfan@inne.city 2 weeks ago
pasjrwoctx@social.2ndshot.photos 2 weeks ago
webfan@inne.city 2 weeks ago
@pasjrwoctx Sorry, I mean the /inbox route from the check
$is_fediverse =
str_contains($request, '/.well-known/') ||
str_contains($request, '/activitypub/') ||
str_contains($request, '/api/') ||
str_contains($request, '/assets/') ||
str_contains($request, '/inbox');
You could also check for Request-Type headers.
A cookie can be faked, you should consider to store the OK in the session instead?
pasjrwoctx@social.2ndshot.photos 2 weeks ago
webfan@inne.city 2 weeks ago
if ($request === '/' makes it clear, sorry!
$is_fediverse and is_static is not necessary then?
pasjrwoctx@social.2ndshot.photos 2 weeks ago