Commit b1811686 authored by David Haynes's avatar David Haynes 🙆

Remove troublesome check

- causes 500 on prod
- it's pretty stupid anyways, the lazy way out
parent 95fc8208
Pipeline #1523 passed with stages
in 2 minutes and 29 seconds
...@@ -321,7 +321,6 @@ def delete(request, short): ...@@ -321,7 +321,6 @@ def delete(request, short):
This view deletes a URL if you have the permission to. User must be This view deletes a URL if you have the permission to. User must be
logged in and registered, and must also be the owner of the URL. logged in and registered, and must also be the owner of the URL.
""" """
# Do not allow unapproved users to delete links # Do not allow unapproved users to delete links
if not request.user.registereduser.approved: if not request.user.registereduser.approved:
return render(request, 'not_registered.html') return render(request, 'not_registered.html')
...@@ -331,28 +330,14 @@ def delete(request, short): ...@@ -331,28 +330,14 @@ def delete(request, short):
# If the RegisteredUser is the owner of the URL # If the RegisteredUser is the owner of the URL
if url.owner == request.user.registereduser: if url.owner == request.user.registereduser:
# There are some instances where this request header does not exist, in # remove the URL
# this case we fallback to the insecure method url.delete()
if request.META.get('HTTP_REFERER') is not None: # redirect to my_links
# Make sure that the requestee is from the same domain (go.gmu.edu) return redirect('my_links')
if request.META.get('HTTP_REFERER') == request.META.get('HTTP_HOST'):
# remove the URL
url.delete()
# redirect to my_links
return redirect('my_links')
else:
raise PermissionDenied()
# Fallback and delete
else:
# remove the URL
url.delete()
# redirect to my_links
return redirect('my_links')
else: else:
# do not allow them to delete # do not allow them to delete
raise PermissionDenied() raise PermissionDenied()
@login_required @login_required
def signup(request): def signup(request):
""" """
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment