From e590d39aa9a29577ad21c5d0bcf29f39cd9709f2 Mon Sep 17 00:00:00 2001
From: Omar Roth <omarroth@hotmail.com>
Date: Wed, 5 Sep 2018 21:45:14 -0500
Subject: [PATCH] Revert "Add header check for CSRF"

This reverts commit a749ac73acb19ec2e3897006183a4bb1f63ef99a.
---
 src/invidious.cr | 15 ---------------
 1 file changed, 15 deletions(-)

diff --git a/src/invidious.cr b/src/invidious.cr
index 6a32736c..433c84c7 100644
--- a/src/invidious.cr
+++ b/src/invidious.cr
@@ -106,21 +106,6 @@ spawn do
 end
 
 before_all do |env|
-  env.response.headers["X-XSS-Protection"] = "1; mode=block;"
-  env.response.headers["X-Content-Type-Options"] = "nosniff"
-
-  # CSRF
-  if Kemal.config.ssl || CONFIG.https_only
-    host = env.request.headers["Host"]?
-
-    if (env.request.headers["Origin"]?.try &.== host) ||
-       (env.request.headers["Referer"]?.try &.== host)
-      # All good!
-    else
-      halt env, status_code: 403, response: "Failed CSRF check"
-    end
-  end
-
   if env.request.cookies.has_key? "SID"
     headers = HTTP::Headers.new
     headers["Cookie"] = env.request.headers["Cookie"]