Make host validation not depend on CSRF being enabled (see #468)

2026-05-04 15:49:10 +01:00 · 2018-01-17 23:34:40 +03:00
parent 90686f30ce
commit c0c2ba0b13
2 changed files with 4 additions and 4 deletions
@@ -719,7 +719,6 @@ handle_request (struct evhttp_request * req, void * arg)
        {
          handle_upload (req, server);
        }
-#ifdef REQUIRE_SESSION_ID
      else if (!isHostnameAllowed (server, req))
        {
          char * const tmp = tr_strdup_printf (
@@ -736,6 +735,7 @@ handle_request (struct evhttp_request * req, void * arg)
          send_simple_response (req, 421, tmp);
          tr_free (tmp);
        }
+#ifdef REQUIRE_SESSION_ID
      else if (!test_session_id (server, req))
        {
          const char * sessionId = get_current_session_id (server);