Comment on So I kind of set up another level of security well not really more of a gate to

<- View Parent
webfan@inne.city ⁨2⁩ ⁨weeks⁩ ago

@pasjrwoctx Sorry, I mean the /inbox route from the check

$is_fediverse =
str_contains($request, '/.well-known/') ||
str_contains($request, '/activitypub/') ||
str_contains($request, '/api/') ||
str_contains($request, '/assets/') ||
str_contains($request, '/inbox');

You could also check for Request-Type headers.

A cookie can be faked, you should consider to store the OK in the session instead?

original
Sort:hotnewtop