schmidt1024/xmrpay.link
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: schmidt1024:v1.0.1
Branches Tags
schmidt1024:master
schmidt1024:v1.2.2 schmidt1024:v1.2.1 schmidt1024:v1.2.0 schmidt1024:v1.1.1 schmidt1024:v1.1.0 schmidt1024:v1.0.3 schmidt1024:v1.0.2 schmidt1024:v1.0.1 schmidt1024:v1.0.0
..
compare: schmidt1024:v1.0.3
Branches Tags
schmidt1024:master
schmidt1024:v1.2.2 schmidt1024:v1.2.1 schmidt1024:v1.2.0 schmidt1024:v1.1.1 schmidt1024:v1.1.0 schmidt1024:v1.0.3 schmidt1024:v1.0.2 schmidt1024:v1.0.1 schmidt1024:v1.0.0

3 Commits
v1.0.1 ... v1.0.3

Author SHA1 Message Date
Alexander Schmidt
d0b70acf39 Fix short URL redirect when PATH_INFO is empty string
Some checks failed
Build & Push Docker Image / build (push) Has been cancelled
Details
2026-03-27 10:09:08 +01:00
Alexander Schmidt
ffd9327e3e Allow self-hosted origins in API verification
Some checks failed
Build & Push Docker Image / build (push) Has been cancelled
Details
2026-03-27 09:44:11 +01:00
Alexander Schmidt
40b81a5dc8 Fix install.sh: correct GitHub repo name in compose URL 2026-03-27 09:32:34 +01:00
3 changed files with 12 additions and 6 deletions
Expand all files Collapse all files

14
api/_helpers.php
View File

@@ -14,13 +14,19 @@ function send_security_headers(): void {
// ── Origin verification ─────────────────────────────────────────────────────── // ── Origin verification ───────────────────────────────────────────────────────
function verify_origin(): void { function verify_origin(): void {
$allowed = [
'https://xmrpay.link',
'http://mc6wfeaqc7oijgdcudrr5zsotmwok3jzk3tu2uezzyjisn7nzzjjizyd.onion',
];
$origin = $_SERVER['HTTP_ORIGIN'] ?? ''; $origin = $_SERVER['HTTP_ORIGIN'] ?? '';
// Allow same-origin (no Origin header from direct same-origin requests) // Allow same-origin (no Origin header from direct same-origin requests)
if ($origin === '') return; if ($origin === '') return;
// Dynamically allow the host this instance runs on
$scheme = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https' : 'http';
$self_origin = $scheme . '://' . ($_SERVER['HTTP_HOST'] ?? '');
$allowed = [
$self_origin,
'https://xmrpay.link',
'http://mc6wfeaqc7oijgdcudrr5zsotmwok3jzk3tu2uezzyjisn7nzzjjizyd.onion',
];
if (!in_array($origin, $allowed, true)) { if (!in_array($origin, $allowed, true)) {
http_response_code(403); http_response_code(403);
echo json_encode(['error' => 'Origin not allowed']); echo json_encode(['error' => 'Origin not allowed']);

2
install.sh
View File

@@ -7,7 +7,7 @@ set -e
DOMAIN="${1:-}" DOMAIN="${1:-}"
INSTALL_DIR="/opt/xmrpay" INSTALL_DIR="/opt/xmrpay"
IMAGE="schmidt1024/xmrpay:latest" IMAGE="schmidt1024/xmrpay:latest"
COMPOSE_URL="https://raw.githubusercontent.com/schmidt1024/xmrpay.link/master/docker-compose.yml" COMPOSE_URL="https://raw.githubusercontent.com/schmidt1024/xmrpay/master/docker-compose.yml"
# ── Helpers ─────────────────────────────────────────────────────────────────── # ── Helpers ───────────────────────────────────────────────────────────────────

2
s.php
View File

@@ -1,5 +1,5 @@
<?php <?php
$pathInfo = isset($_SERVER['PATH_INFO']) && is_string($_SERVER['PATH_INFO']) ? $_SERVER['PATH_INFO'] : null; $pathInfo = isset($_SERVER['PATH_INFO']) && is_string($_SERVER['PATH_INFO']) && $_SERVER['PATH_INFO'] !== '' ? $_SERVER['PATH_INFO'] : null;
$queryCode = isset($_GET['c']) && is_string($_GET['c']) ? $_GET['c'] : ''; $queryCode = isset($_GET['c']) && is_string($_GET['c']) ? $_GET['c'] : '';
$code = trim($pathInfo ?? $queryCode, '/'); $code = trim($pathInfo ?? $queryCode, '/');