From 7d7f43373e853a37c05a338ecd790e2cf80cc656 Mon Sep 17 00:00:00 2001
From: fatchan <tom@69420.me>
Date: Sat, 13 Jul 2019 08:39:20 +0100
Subject: [PATCH] config to disable referrer check for local dev environment

---
 configs/main.json.example | 7 ++++---
 server.js                 | 2 +-
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/configs/main.json.example b/configs/main.json.example
index 9187ba94..4f1d1a67 100644
--- a/configs/main.json.example
+++ b/configs/main.json.example
@@ -1,10 +1,11 @@
 {
-    "dbURL": "mongodb://username:password@host:port",
-    "port": 7000,
-    "sessionSecret": "long random string",
+	"dbURL": "mongodb://username:password@host:port",
+	"port": 7000,
+	"sessionSecret": "long random string",
 	"tripcodeSecret": "long random string",
 	"ipHashSecret": "long random string",
 	"cacheTemplates": true,
+	"refererCheck": false,
 	"refererRegex": "^https?:\\/\\/(?:www\\.)?domain\\.com\\/",
 	"openGraph": {
 		"siteName": "site name",
diff --git a/server.js b/server.js
index bd7a0881..c137cfcd 100644
--- a/server.js
+++ b/server.js
@@ -58,7 +58,7 @@ const express = require('express')
 		if (req.method !== 'POST') {
 			return next();
 		}
-		if (!req.headers.referer || !req.headers.referer.match(refererRegex)) {
+		if (configs.refererCheck === true && (!req.headers.referer || !req.headers.referer.match(refererRegex))) {
 			return res.status(403).render('message', {
 				'title': 'Forbidden',
 				'message': 'Invalid or missing "Referer" header. Are you posting from the correct URL?'