checks the request content-type instead...

2023-05-22 21:14:58 -05:00
parent e3603a60e9
commit 01eee61e8b
1 changed files with 6 additions and 1 deletions
@@ -15,7 +15,12 @@ export const checkOrigin: RequestHandler = (req, res, next) => {
        { origin: req.headers.origin, referer: req.headers.referer },
        "Blocked request from origin or referer"
      );
-      if (!req.accepts("html") || req.headers.accept === "*/*") {
+
+      // VenusAI requests incorrectly say they accept HTML despite immediately
+      // trying to parse the response as JSON, so we check the body type instead
+      const hasJsonBody =
+        req.headers["content-type"]?.includes("application/json");
+      if (!req.accepts("html") || hasJsonBody) {
        return res.status(403).json({
          error: { type: "blocked_origin", message: config.blockMessage },
        });