Make redirection work without Referer header
authorr <r@freesoftwareextremist.com>
Sun, 17 Jan 2021 05:44:07 +0000 (05:44 +0000)
committerr <r@freesoftwareextremist.com>
Sun, 17 Jan 2021 05:44:07 +0000 (05:44 +0000)
renderer/model.go
service/service.go
service/transport.go
templates/nav.tmpl
templates/notification.tmpl
templates/postform.tmpl
templates/requestlist.tmpl
templates/settings.tmpl
templates/status.tmpl
templates/user.tmpl

index 1dcb40452586ff51eda927cf46728e7c4d278cdf..a89b3792f4e9c4d09e83a48c8c83cf1a0230bd16 100644 (file)
@@ -14,6 +14,7 @@ type Context struct {
        CSRFToken        string
        UserID           string
        AntiDopamineMode bool
+       Referrer         string
 }
 
 type NavData struct {
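Review bot: The new `Referrer` field is undocumented and its name is misleading: per the service.go hunk it holds the URI of the page being rendered, not the referrer of the current request. A field comment would prevent misuse, for example `// Referrer is the request URI of the page being rendered; forms echo it back so POST handlers can redirect without the Referer header.` The `Context` struct begins above this hunk.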
index 088bcf423a2ccb3d2c3d2219e825731920a45fce..01306d0904b653ca9e0233b4e958326d8bd5e046 100644 (file)
@@ -58,9 +58,11 @@ func NewService(clientName string,
 func getRendererContext(c *client) *renderer.Context {
        var settings model.Settings
        var session model.Session
+       var referrer string
        if c != nil {
                settings = c.Session.Settings
                session = c.Session
+               referrer = c.url()
        } else {
                settings = *model.NewSettings()
        }
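Review bot: The added `referrer = c.url()` takes the URI of whatever request is being rendered, with no regard to its method. If a page containing these forms is ever rendered in response to a POST, the embedded value would be the action URL, and the later redirect would issue a GET to a POST-only route; whether that can happen is not visible on this page. A short comment stating the assumption would help, for example `// c.url() is the page being rendered; assumed to be a GET route`. The body of `getRendererContext` continues past this hunk.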
@@ -73,6 +75,7 @@ func getRendererContext(c *client) *renderer.Context {
                CSRFToken:        session.CSRFToken,
                UserID:           session.UserID,
                AntiDopamineMode: settings.AntiDopamineMode,
+               Referrer:         referrer,
        }
 }
 
@@ -545,7 +548,7 @@ func (s *service) UserSearchPage(c *client,
 
        if len(results.Statuses) == 20 {
                offset += 20
-               nextLink = fmt.Sprintf("/usersearch/%s?q=%s&offset=%d", id, 
+               nextLink = fmt.Sprintf("/usersearch/%s?q=%s&offset=%d", id,
                        url.QueryEscape(q), offset)
        }
 
@@ -608,7 +611,7 @@ func (s *service) SearchPage(c *client,
        if (qType == "accounts" && len(results.Accounts) == 20) ||
                (qType == "statuses" && len(results.Statuses) == 20) {
                offset += 20
-               nextLink = fmt.Sprintf("/search?q=%s&type=%s&offset=%d", 
+               nextLink = fmt.Sprintf("/search?q=%s&type=%s&offset=%d",
                        url.QueryEscape(q), qType, offset)
        }
 
@@ -721,7 +724,7 @@ func (s *service) NewSession(instance string) (rurl string, sid string, err erro
        return
 }
 
-func (s *service) Signin(c *client, code string) (token string, 
+func (s *service) Signin(c *client, code string) (token string,
        userID string, err error) {
 
        if len(code) < 1 {
@@ -747,7 +750,7 @@ func (s *service) Signout(c *client) (err error) {
        return
 }
 
-func (s *service) Post(c *client, content string, replyToID string, 
+func (s *service) Post(c *client, content string, replyToID string,
        format string, visibility string, isNSFW bool,
        files []*multipart.FileHeader) (id string, err error) {
 
index 7ba52a46e5022de9eead57c4c83502ef7692dd0f..882a35130a85de258cb43857be7c10c7079962bd 100644 (file)
@@ -46,6 +46,10 @@ type client struct {
        Session   model.Session
 }
 
+func (c *client) url() string {
+       return c.Req.URL.RequestURI()
+}
+
 func setSessionCookie(w http.ResponseWriter, sid string, exp time.Duration) {
        http.SetCookie(w, &http.Cookie{
                Name:    "session_id",
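Review bot: The new `url` method has no doc comment, and what it returns matters to the redirect handlers that consume it. `RequestURI()` yields only the path and query, with no scheme or host, so the server-generated value is a relative target. I would add `// url returns the path and query of the current request; it is embedded in forms as the post-action redirect target.` That property holds only for the value the server renders, not for what the client later submits.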
@@ -301,7 +305,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
                        return err
                }
 
-               location := c.Req.Header.Get("Referer")
+               location := c.Req.FormValue("referrer")
                if len(replyToID) > 0 {
                        location = "/thread/" + replyToID + "#status-" + id
                }
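Review bot: `c.Req.FormValue("referrer")` is client-supplied and is passed to `redirect` unchecked, here and in every other `redirect(c, c.Req.FormValue("referrer")...)` hunk in this file. The CSRF wrapper limits who can submit the form, but the value should still be constrained to a same-site path. An empty value is also unhandled, and in the `+"#status-"+id` hunks it leaves a bare fragment. `FormValue` also falls back to the URL query string; `PostFormValue` would restrict it to the body. I would route all of these through one helper that falls back to `/` (or whichever landing route the app prefers), which needs `strings` in scope. `NewHandler` begins and ends outside this hunk, and `redirect` itself is not visible here.

```go
// safeReferrer returns the submitted referrer when it is a same-site path
// and "/" otherwise, so the value can be handed to redirect.
func safeReferrer(c *client) string {
	ref := c.Req.FormValue("referrer")
	if !strings.HasPrefix(ref, "/") ||
		strings.HasPrefix(ref, "//") || strings.HasPrefix(ref, `/\`) {
		return "/"
	}
	return ref
}

// … unchanged: NewHandler up to the /post handler …
		location := safeReferrer(c)
		if len(replyToID) > 0 {
```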
@@ -319,7 +323,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
                if len(rid) > 0 {
                        id = rid
                }
-               redirect(c, c.Req.Header.Get("Referer")+"#status-"+id)
+               redirect(c, c.Req.FormValue("referrer")+"#status-"+id)
                return nil
        }, CSRF, HTML)
 
@@ -333,7 +337,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
                if len(rid) > 0 {
                        id = rid
                }
-               redirect(c, c.Req.Header.Get("Referer")+"#status-"+id)
+               redirect(c, c.Req.FormValue("referrer")+"#status-"+id)
                return nil
        }, CSRF, HTML)
 
@@ -347,7 +351,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
                if len(rid) > 0 {
                        id = rid
                }
-               redirect(c, c.Req.Header.Get("Referer")+"#status-"+id)
+               redirect(c, c.Req.FormValue("referrer")+"#status-"+id)
                return nil
        }, CSRF, HTML)
 
@@ -361,7 +365,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
                if len(rid) > 0 {
                        id = rid
                }
-               redirect(c, c.Req.Header.Get("Referer")+"#status-"+id)
+               redirect(c, c.Req.FormValue("referrer")+"#status-"+id)
                return nil
        }, CSRF, HTML)
 
@@ -373,7 +377,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
                if err != nil {
                        return err
                }
-               redirect(c, c.Req.Header.Get("Referer")+"#status-"+statusID)
+               redirect(c, c.Req.FormValue("referrer")+"#status-"+statusID)
                return nil
        }, CSRF, HTML)
 
@@ -389,7 +393,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
                if err != nil {
                        return err
                }
-               redirect(c, c.Req.Header.Get("Referer"))
+               redirect(c, c.Req.FormValue("referrer"))
                return nil
        }, CSRF, HTML)
 
@@ -399,7 +403,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
                if err != nil {
                        return err
                }
-               redirect(c, c.Req.Header.Get("Referer"))
+               redirect(c, c.Req.FormValue("referrer"))
                return nil
        }, CSRF, HTML)
 
@@ -409,7 +413,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
                if err != nil {
                        return err
                }
-               redirect(c, c.Req.Header.Get("Referer"))
+               redirect(c, c.Req.FormValue("referrer"))
                return nil
        }, CSRF, HTML)
 
@@ -419,7 +423,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
                if err != nil {
                        return err
                }
-               redirect(c, c.Req.Header.Get("Referer"))
+               redirect(c, c.Req.FormValue("referrer"))
                return nil
        }, CSRF, HTML)
 
@@ -429,7 +433,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
                if err != nil {
                        return err
                }
-               redirect(c, c.Req.Header.Get("Referer"))
+               redirect(c, c.Req.FormValue("referrer"))
                return nil
        }, CSRF, HTML)
 
@@ -439,7 +443,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
                if err != nil {
                        return err
                }
-               redirect(c, c.Req.Header.Get("Referer"))
+               redirect(c, c.Req.FormValue("referrer"))
                return nil
        }, CSRF, HTML)
 
@@ -449,7 +453,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
                if err != nil {
                        return err
                }
-               redirect(c, c.Req.Header.Get("Referer"))
+               redirect(c, c.Req.FormValue("referrer"))
                return nil
        }, CSRF, HTML)
 
@@ -459,7 +463,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
                if err != nil {
                        return err
                }
-               redirect(c, c.Req.Header.Get("Referer"))
+               redirect(c, c.Req.FormValue("referrer"))
                return nil
        }, CSRF, HTML)
 
@@ -469,7 +473,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
                if err != nil {
                        return err
                }
-               redirect(c, c.Req.Header.Get("Referer"))
+               redirect(c, c.Req.FormValue("referrer"))
                return nil
        }, CSRF, HTML)
 
@@ -479,7 +483,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
                if err != nil {
                        return err
                }
-               redirect(c, c.Req.Header.Get("Referer"))
+               redirect(c, c.Req.FormValue("referrer"))
                return nil
        }, CSRF, HTML)
 
@@ -522,7 +526,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
                if err != nil {
                        return err
                }
-               redirect(c, c.Req.Header.Get("Referer"))
+               redirect(c, c.Req.FormValue("referrer"))
                return nil
        }, CSRF, HTML)
 
@@ -532,7 +536,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
                if err != nil {
                        return err
                }
-               redirect(c, c.Req.Header.Get("Referer"))
+               redirect(c, c.Req.FormValue("referrer"))
                return nil
        }, CSRF, HTML)
 
@@ -542,7 +546,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
                if err != nil {
                        return err
                }
-               redirect(c, c.Req.Header.Get("Referer"))
+               redirect(c, c.Req.FormValue("referrer"))
                return nil
        }, CSRF, HTML)
 
@@ -553,7 +557,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
                if err != nil {
                        return err
                }
-               redirect(c, c.Req.Header.Get("Referer"))
+               redirect(c, c.Req.FormValue("referrer"))
                return nil
        }, CSRF, HTML)
 
@@ -567,7 +571,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
                if len(rid) > 0 {
                        id = rid
                }
-               redirect(c, c.Req.Header.Get("Referer")+"#status-"+id)
+               redirect(c, c.Req.FormValue("referrer")+"#status-"+id)
                return nil
        }, CSRF, HTML)
 
@@ -581,7 +585,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
                if len(rid) > 0 {
                        id = rid
                }
-               redirect(c, c.Req.Header.Get("Referer")+"#status-"+id)
+               redirect(c, c.Req.FormValue("referrer")+"#status-"+id)
                return nil
        }, CSRF, HTML)
 
index 97898c83b93092a1f4c61e9a7cb0ab3205efbd21..fdff885bbfe3706f7d37ef74c0b343045a7fd3c1 100644 (file)
@@ -25,6 +25,7 @@
                        <a class="nav-link" href="/settings" target="_top" accesskey="7" title="Settings (7)">settings</a>
                        <form class="signout" action="/signout" method="post" target="_top">
                                <input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
+                               <input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
                                <input type="submit" value="signout" class="btn-link nav-link" accesskey="8" title="Signout (8)">
                        </form>
                </div>
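Review bot: The request URI is now reflected into an attribute (`value="{{$.Ctx.Referrer}}"`), so its safety depends entirely on the template engine's escaping. If these templates are rendered with `html/template`, the contextual escaper covers the attribute. The renderer is not visible on this page, so it is worth confirming that it is not `text/template`. The same line is added to the forms in notification.tmpl, postform.tmpl, requestlist.tmpl, settings.tmpl, status.tmpl and user.tmpl.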
index 567bcf055504fbbf8bbe52202e7db3c1bfdf914f..4eed61b8bb8856126e84781c5925eb1d8f032404 100644 (file)
@@ -11,6 +11,7 @@
        {{if .ReadID}}
        <form class="notification-read" action="/notifications/read?max_id={{.ReadID}}" method="post" target="_self">
                <input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
+               <input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
                <input type="submit" value="read" class="btn-link" accesskey="C" title="Clear unread notifications (C)">
        </form>
        {{end}}
                        </div>
                        <form class="d-inline" action="/accept/{{.Account.ID}}" method="post" target="_self">
                                <input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
+                               <input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
                                <input type="submit" value="accept" class="btn-link">
                        </form>
                        -
                        <form class="d-inline" action="/reject/{{.Account.ID}}" method="post" target="_self">
                                <input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
+                               <input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
                                <input type="submit" value="reject" class="btn-link">
                        </form>
                </div>
index f00c300d09250414873c330cd94619db0a0eb3f0..b81126c1b3d3575dcf155ef62ba09f07f596bbe0 100644 (file)
@@ -1,6 +1,7 @@
 {{with .Data}}
 <form class="post-form" action="/post" method="POST" enctype="multipart/form-data" target="_self">
        <input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
+       <input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
        {{if .ReplyContext}}
        <input type="hidden" name="reply_to_id" value="{{.ReplyContext.InReplyToID}}" />
        <label for="post-content" class="post-form-title"> Reply to {{.ReplyContext.InReplyToName}} </label>
index 232b56d78f4dc4516f8895498d921e3a94bef652..eec75f2c64f0e42d9f09b67718d50928337c0690 100644 (file)
                        </div>
                        <form class="d-inline" action="/accept/{{.ID}}" method="post" target="_self">
                                <input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
+                               <input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
                                <input type="submit" value="accept" class="btn-link">
                        </form>
                        -
                        <form class="d-inline" action="/reject/{{.ID}}" method="post" target="_self">
                                <input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
+                               <input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
                                <input type="submit" value="reject" class="btn-link">
                        </form>
                </div>
index baeb64dcc1dd6975155499b19a3b7b1f16161201..4a72b6ab10004aa969500c4ce88a475234f080af 100644 (file)
@@ -4,6 +4,7 @@
 
 <form id="settings-form" action="/settings" method="POST">
        <input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
+       <input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
        <div class="settings-form-field">
                <label for="visibility"> Default format </label>
                {{$defFormat := .Settings.DefaultFormat}}
index a46129f0528d1bc13d196522795cbe9e0e3b0df6..a1e2d9f63eb59b681eb3a503f8f3582ec99d3d6c 100644 (file)
                                                {{if .Muted}}
                                                <form action="/unmuteconv/{{.ID}}" method="post" target="_self">
                                                        <input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
+                                                       <input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
                                                        <input type="submit" value="unmute" class="btn-link more-link">
                                                </form>
                                                {{else}}
                                                <form action="/muteconv/{{.ID}}" method="post" target="_self">
                                                        <input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
+                                                       <input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
                                                        <input type="submit" value="mute" class="btn-link more-link">
                                                </form>
                                                {{end}}
                                                {{if .Bookmarked}}
                                                <form action="/unbookmark/{{.ID}}" method="post" target="_self">
                                                        <input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
+                                                       <input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
                                                        <input type="hidden" name="retweeted_by_id" value="{{.RetweetedByID}}">
                                                        <input type="submit" value="unbookmark" class="btn-link more-link">
                                                </form>
                                                {{else}}
                                                <form action="/bookmark/{{.ID}}" method="post" target="_self">
                                                        <input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
+                                                       <input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
                                                        <input type="hidden" name="retweeted_by_id" value="{{.RetweetedByID}}">
                                                        <input type="submit" value="bookmark" class="btn-link more-link">
                                                </form>
@@ -62,6 +66,7 @@
                                                {{if eq $.Ctx.UserID .Account.ID}}
                                                <form action="/delete/{{.ID}}" method="post" target="_self">
                                                        <input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
+                                                       <input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
                                                        <input type="submit" value="delete" class="btn-link more-link">
                                                </form>
                                                {{end}}
                        {{if .Poll}}
                        <form class="poll-form" action="/vote/{{.Poll.ID}}" method="POST" target="_self">
                                <input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
+                               <input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
                                <input type="hidden" name="status_id" value="{{$s.ID}}">
                                {{range $i, $o := .Poll.Options}}
                                <div class="poll-option">
                                        {{$rt := "retweet"}} {{if .Reblogged}} {{$rt = "unretweet"}} {{end}}
                                        <form class="status-retweet" data-action="{{$rt}}" action="/{{$rt}}/{{.ID}}" method="post" target="_self">
                                                <input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
+                                               <input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
                                                <input type="hidden" name="retweeted_by_id" value="{{.RetweetedByID}}">
                                                <input type="submit" value="{{$rt}}" class="btn-link">
                                                <a class="status-retweet-count" href="/retweetedby/{{.ID}}" title="click to see the the list"> 
                                        {{$like := "like"}} {{if .Favourited}} {{$like = "unlike"}} {{end}}
                                        <form class="status-like" data-action="{{$like}}" action="/{{$like}}/{{.ID}}" method="post" target="_self">
                                                <input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
+                                               <input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
                                                <input type="hidden" name="retweeted_by_id" value="{{.RetweetedByID}}">
                                                <input type="submit" value="{{$like}}" class="btn-link">
                                                <a class="status-like-count" href="/likedby/{{.ID}}" title="click to see the the list"> 
index 5ef411ab97596d6967c2038c76c795d8b1c35658..af6a8d18e6850305121920238f01c9cf0a966f12 100644 (file)
                        {{if .User.Pleroma.Relationship.Following}} 
                        <form class="d-inline" action="/unfollow/{{.User.ID}}" method="post">
                                <input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
+                               <input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
                                <input type="submit" value="unfollow" class="btn-link">
                        </form>
                        {{else}}
                        <form class="d-inline" action="/follow/{{.User.ID}}" method="post">
                                <input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
+                               <input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
                                <input type="submit" value="{{if .User.Pleroma.Relationship.Requested}}resend request{{else}}follow{{end}}" class="btn-link">
                        </form>
                        {{end}}
@@ -35,6 +37,7 @@
                        -
                        <form class="d-inline" action="/unfollow/{{.User.ID}}" method="post">
                                <input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
+                               <input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
                                <input type="submit" value="cancel request" class="btn-link">
                        </form>
                        {{end}}
                        {{if .User.Pleroma.Relationship.Subscribing}}
                        <form class="d-inline" action="/unsubscribe/{{.User.ID}}" method="post">
                                <input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
+                               <input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
                                <input type="submit" value="unsubscribe" class="btn-link">
                        </form>
                        {{else}}
                        <form class="d-inline" action="/subscribe/{{.User.ID}}" method="post">
                                <input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
+                               <input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
                                <input type="submit" value="subscribe" class="btn-link">
                        </form>
                        {{end}}
                        {{if .User.Pleroma.Relationship.Blocking}}
                        <form class="d-inline" action="/unblock/{{.User.ID}}" method="post">
                                <input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
+                               <input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
                                <input type="submit" value="unblock" class="btn-link">
                        </form>
                        {{else}}
                        <form class="d-inline" action="/block/{{.User.ID}}" method="post">
                                <input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
+                               <input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
                                <input type="submit" value="block" class="btn-link">
                        </form>
                        {{end}}
                        {{if .User.Pleroma.Relationship.Muting}}
                        <form class="d-inline" action="/unmute/{{.User.ID}}" method="post">
                                <input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
+                               <input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
                                <input type="submit" value="unmute" class="btn-link">
                        </form>
                        {{else}}
                        <form class="d-inline" action="/mute/{{.User.ID}}" method="post">
                                <input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
+                               <input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
                                <input type="submit" value="mute" class="btn-link">
                        </form>
                        {{end}}
                        {{if .User.Pleroma.Relationship.ShowingReblogs}}
                        <form class="d-inline" action="/follow/{{.User.ID}}?reblogs=false" method="post">
                                <input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
+                               <input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
                                <input type="submit" value="hide retweets" class="btn-link">
                        </form>
                        {{else}}
                        <form class="d-inline" action="/follow/{{.User.ID}}" method="post">
                                <input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
+                               <input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
                                <input type="submit" value="show retweets" class="btn-link">
                        </form>
                        {{end}}