From 835381fbb11a35a8eacfc06b1e6fc339bfe9fa6d Mon Sep 17 00:00:00 2001
From: ZeroNet
Date: Wed, 10 Aug 2016 12:24:47 +0200
Subject: [PATCH] Filter media referrer by original request address
---
 src/Ui/UiRequest.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/Ui/UiRequest.py b/src/Ui/UiRequest.py
index e1b4bb87..66d887fa 100644
--- a/src/Ui/UiRequest.py
+++ b/src/Ui/UiRequest.py
@@ -327,7 +327,8 @@ class UiRequest(object):
 referer = self.env.get("HTTP_REFERER")
 if referer and path_parts: # Only allow same site to receive media
- if not self.isMediaRequestAllowed(path_parts["address"], referer):
+ if not self.isMediaRequestAllowed(path_parts["request_address"], referer):
+ self.log.error("Media referrer error: %s not allowed from %s" % (path_parts["address"], referer))
 return self.error403("Media referrer error") # Referrer not starts same address as requested path
 if path_parts: # Looks like a valid path
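Review bot: The added `self.log.error(...)` line reports `path_parts["address"]`, while the check directly above it now compares `path_parts["request_address"]`. If the two values differ, which the commit title suggests they can, the log entry names an address that was not the one actually rejected, and that will mislead anyone triaging a 403. The Referer value is also client-supplied and is interpolated with `%s`, so formatting it with `%r` would keep odd or control characters from being written raw into the log. I would change the line to `self.log.error("Media referrer error: %s not allowed from %r" % (path_parts["request_address"], referer))`. The enclosing method starts and ends outside the hunk, so how `path_parts` is built, and whether `request_address` is always present, cannot be confirmed from here.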