From 3cc25bec51d6075774b4c740068ec9aca1e93a1f Mon Sep 17 00:00:00 2001
From: fkwa
Date: Sun, 2 Aug 2020 20:14:54 +0300
Subject: [PATCH] Fix Anti-CSRF check condition

Pervious version is made chandler unusable if it runs on port different from 443.
---
 chandler/MVC/Routing/Router.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/chandler/MVC/Routing/Router.php b/chandler/MVC/Routing/Router.php
index 4e28fbb..59ec309 100644
--- a/chandler/MVC/Routing/Router.php
+++ b/chandler/MVC/Routing/Router.php
@@ -85,7 +85,7 @@ class Router
 [$hash, $nonce] = $data;
 if(sodium_memcmp($this->makeCSRFToken($route, hex2bin($nonce)), "$hash#$nonce") === 0)
- $GLOBALS["csrfCheck"] = parse_url($_SERVER["HTTP_REFERER"], PHP_URL_HOST) === $_SERVER["HTTP_HOST"];
+ $GLOBALS["csrfCheck"] = parse_url($_SERVER["HTTP_REFERER"], PHP_URL_HOST) === parse_url($_SERVER["HTTP_HOST"], PHP_URL_HOST);
 } catch(\SodiumException $ex) {}
 }
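Review bot: On the added line, `parse_url($_SERVER["HTTP_HOST"], PHP_URL_HOST)` is given a bare `host[:port]` value rather than a URL, and PHP's parser returns `null` for a host with no port because it reads it as a path. On a default-port deployment the right-hand side is therefore `null`, so an ordinary same-site Referer no longer matches, while a missing or unparsable Referer also yields `null` on the left and `null === null` sets `csrfCheck` to true. I would parse the Host value as an authority and require a string Referer host: `$refHost = parse_url($_SERVER["HTTP_REFERER"] ?? "", PHP_URL_HOST);` followed by `$GLOBALS["csrfCheck"] = is_string($refHost) && $refHost === parse_url("//" . $_SERVER["HTTP_HOST"], PHP_URL_HOST);`. Comparing hosts alone also treats every port on that host as the same site, which deserves a comment if it is intended. The enclosing method starts and ends outside the hunk, so how `csrfCheck` is consumed afterwards is not visible here.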