Remove referer filter on deletePassword endpoint (dresden-elektronik#7749)

Zehir · web-flow · commit 0fa6129958d7 · 2024-05-06T22:15:01.000+02:00
diff --git a/rest_configuration.cpp b/rest_configuration.cpp
@@ -2727,16 +2727,10 @@ int DeRestPluginPrivate::changePassword(const ApiRequest &req, ApiResponse &rsp)
  */
 int DeRestPluginPrivate::deletePassword(const ApiRequest &req, ApiResponse &rsp)
 {
-    // reset only allowed for certain referers
     bool ok = true;
-    QString referer = req.hdr.value(QLatin1String("Referer"));
-    if (referer.isEmpty() || !(referer.contains(QLatin1String("login.html")) || referer.contains(QLatin1String("login2.html"))))
-    {
-        ok = false;
-    }
 
     // reset only allowed within first 10 minutes after startup
-    if (ok && getUptime() > 600)
+    if (getUptime() > 600)
     {
         ok = false;
     }

Original file line number	Diff line number	Diff line change
`@@ -2727,16 +2727,10 @@ int DeRestPluginPrivate::changePassword(const ApiRequest &req, ApiResponse &rsp)`
`2727`	`2727`	`*/`
`2728`	`2728`	`int DeRestPluginPrivate::deletePassword(const ApiRequest &req, ApiResponse &rsp)`
`2729`	`2729`	`{`
`2730`		`- // reset only allowed for certain referers`
`2731`	`2730`	`bool ok = true;`
`2732`		`- QString referer = req.hdr.value(QLatin1String("Referer"));`
`2733`		`- if (referer.isEmpty() \|\| !(referer.contains(QLatin1String("login.html")) \|\| referer.contains(QLatin1String("login2.html"))))`
`2734`		`- {`
`2735`		`- ok = false;`
`2736`		`- }`
`2737`	`2731`
`2738`	`2732`	`// reset only allowed within first 10 minutes after startup`
`2739`		`- if (ok && getUptime() > 600)`
	`2733`	`+ if (getUptime() > 600)`
`2740`	`2734`	`{`
`2741`	`2735`	`ok = false;`
`2742`	`2736`	`}`