Skip to content

Multidomain support improvement
Compare
Choose a tag to compare
@Xenthys Xenthys released this 29 Jul 23:11
· 28 commits to master since this release
v1.3.0
f364218
This commit was signed with the committer’s verified signature.
Xenthys Dylan Ysmal
GPG key ID: D68FF79CEE9A9B69
Learn about vigilant mode.

The whole URL generation mechanism has been overhauled.

The domain parameter has been added. It allows user to specify which domain name they want within the url field instead of the one being used by the HTTP request. The use case for this is simple: multidomain installations may want to enable the script only on a specific host to, per example, reduce attack surface by ratelimiting calls with a service like Cloudflare instead of having to enable it on every domain name.

The deletion URL is now properly generated in the case where the script was called behind a rewrite rule. It now relies on the request URI instead of using its own name, which is more logical.

File (when domain is unspecified) and deletion URLs now both use the specified HTTP host instead of the server name, as having this data user-controlled is preferable since it isn't used internally. Also, the server name can depend on the server configuration and may not reflect the true host.

Assets 2
Loading