From ee7b9b59c5cc10ba1e9f081b1dcc85366e5bfd47 Mon Sep 17 00:00:00 2001
From: Aevann1
Date: Tue, 5 Apr 2022 18:29:27 +0200
Subject: [PATCH] fds
---
 files/__main__.py | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/files/__main__.py b/files/__main__.py
index 0fa7bf302..7dd659491 100644
--- a/files/__main__.py
+++ b/files/__main__.py
@@ -88,6 +88,10 @@ mail = Mail(app)
 @app.before_request
 def before_request():
+ host = request.headers.get("Host", "")
+ if host.strip().lower() != app.config["SERVER_NAME"].strip().lower(): return {"error":f"Unauthorized host provided ({host})."}, 401
+ if request.headers.get("CF-Worker", "") != "": return {"error":"Cloudflare workers are not allowed to access this website."}, 401
+
 if request.method.lower() != "get" and app.config["READ_ONLY"]: return {"error":f"{app.config['SITE_NAME']} is currently in read-only mode."}, 500
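Review bot: The Host guard on the second added line calls `.strip()` on `app.config["SERVER_NAME"]` for every request, so if that key is ever unset (Flask's default is `None`) each request fails with an AttributeError instead of a clean rejection. I would check at startup that it is set, and make the comparison tolerant with `if host.strip().lower() != (app.config["SERVER_NAME"] or "").strip().lower(): return {"error":"Unauthorized host provided."}, 400`. That version also stops echoing the raw client-supplied header in the error body. It returns 400 rather than 401, which implies an authentication challenge; 403 would fit the `CF-Worker` rejection. The `CF-Worker` test only means something when every request reaches the app through Cloudflare, because the header is simply absent on any other path, so a comment such as `# only effective if the origin accepts traffic from the proxy alone` above it would record that assumption. `before_request` continues past the end of this hunk, so how these early returns interact with the later checks cannot be seen here.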