|
@@ -1,4 +1,11 @@
|
|
|
<?php
|
|
<?php
|
|
|
|
|
+
|
|
|
|
|
+// Block requests by checking the 'Sec-Fetch-Dest' header.
|
|
|
|
|
+if (isset($_SERVER['HTTP_SEC_FETCH_DEST']) && $_SERVER['HTTP_SEC_FETCH_DEST'] !== 'empty') {
|
|
|
|
|
+ header('HTTP/1.1 403 Forbidden');
|
|
|
|
|
+ exit;
|
|
|
|
|
+}
|
|
|
|
|
+
|
|
|
require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/prerequisites.inc.php';
|
|
require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/prerequisites.inc.php';
|
|
|
if (!isset($_SESSION['mailcow_cc_role']) || $_SESSION['mailcow_cc_role'] != 'admin') {
|
|
if (!isset($_SESSION['mailcow_cc_role']) || $_SESSION['mailcow_cc_role'] != 'admin') {
|
|
|
exit();
|
|
exit();
|
FreddleSpl0it