Exemple #1
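        /// <summary>
        /// Rejects the request with HTTP 403 when the Referer filter is enabled and the
        /// request's Referer header is missing or not accepted by
        /// <c>SecurityUtility.IsAllowedReferer</c> for the configured allow-list.
        /// </summary>
        /// <remarks>
        /// The Referer header is supplied by the client: browsers may omit it (privacy
        /// settings, Referrer-Policy) and non-browser clients can set any value. Treat this
        /// filter as defence in depth against cross-site browser requests, not as
        /// authentication or authorization.
        /// </remarks>
        /// <param name="filterContext">Context of the action about to execute.</param>
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            var request = filterContext.HttpContext.Request;

            // NOTE(review): any non-empty value enables the filter, including "false" or "0".
            // That errs on the side of enforcing the check; confirm it matches the intended switch.
            if (!string.IsNullOrEmpty(_configuration["EnableRefererHeaderFilter"]))
            {
                var hasRefererHeader = request.Headers.ContainsKey("Referer");
                var refererHeader = hasRefererHeader ? request.Headers["Referer"].ToString() : string.Empty;

                // A missing "RefererAllowedDomains" key used to throw a NullReferenceException on
                // Split(). Read it defensively and drop empty entries, so a blank or trailing-comma
                // setting never hands an empty domain to the matcher.
                var allowedDomainsSetting = _configuration["RefererAllowedDomains"];
                string[] refererAllowedDomains = string.IsNullOrWhiteSpace(allowedDomainsSetting)
                    ? new string[0]
                    : allowedDomainsSetting.Split(new[] { ',' }, System.StringSplitOptions.RemoveEmptyEntries);

                // Fail closed: an enabled filter with an empty allow-list denies the request
                // instead of depending on how the matcher treats an empty list.
                var isDenied = refererAllowedDomains.Length == 0
                    || !hasRefererHeader
                    || !SecurityUtility.IsAllowedReferer(refererHeader, refererAllowedDomains);

                if (isDenied)
                {
                    // The header value is attacker-controlled: strip CR/LF so it cannot forge extra
                    // log lines, and pass it as a structured argument rather than formatting it
                    // into the message text.
                    var loggedReferer = refererHeader.Replace("\r", string.Empty).Replace("\n", string.Empty);
                    _logger.LogWarning("Access attempted with forbidden or not set referer header \"{Referer}\".", loggedReferer);
                    filterContext.Result = new StatusCodeResult(403);
                }
            }

            base.OnActionExecuting(filterContext);
        }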