|
@@ -47,12 +47,10 @@ function api_log($_data) {
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
|
|
-// deny requests from /SOGo locations
|
|
|
|
-if (isset($_SERVER['HTTP_REFERER'])) {
|
|
|
|
- if (strpos(strtolower($_SERVER['HTTP_REFERER']), '/sogo') !== false) {
|
|
|
|
- header('HTTP/1.1 403 Forbidden');
|
|
|
|
- exit;
|
|
|
|
- }
|
|
|
|
|
|
+// Block requests not intended for direct API use by checking the 'Sec-Fetch-Dest' header.
|
|
|
|
+if (isset($_SERVER['HTTP_SEC_FETCH_DEST']) && $_SERVER['HTTP_SEC_FETCH_DEST'] !== 'empty') {
|
|
|
|
+ header('HTTP/1.1 403 Forbidden');
|
|
|
|
+ exit;
|
|
}
|
|
}
|
|
|
|
|
|
if (isset($_GET['query'])) {
|
|
if (isset($_GET['query'])) {
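Review bot: The new guard `if (isset($_SERVER['HTTP_SEC_FETCH_DEST']) && $_SERVER['HTTP_SEC_FETCH_DEST'] !== 'empty')` fails open when the header is absent and accepts every script-initiated request, since those carry the value `empty`. It therefore rejects only browser navigations and embedded loads, and no longer covers what the removed Referer check did, namely requests issued from pages under /SOGo. Whether another control handles that case is not visible in this hunk; if none does, keeping the old test next to the new one as defence in depth would be safer, e.g. `if (isset($_SERVER['HTTP_REFERER']) && stripos($_SERVER['HTTP_REFERER'], '/sogo') !== false) { header('HTTP/1.1 403 Forbidden'); exit; }`. The comment should also state the limits, for example `// Fetch Metadata is sent by browsers only; requests without Sec-Fetch-Dest (API clients, older browsers) pass through, so this is not an authentication check.` The `if (isset($_GET['query']))` block that follows continues outside the hunk.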
|