From 5685965fdb6462dc81755556c3baf0b03026970f Mon Sep 17 00:00:00 2001
From: "Michiel@unhosted" <michiel@unhosted.org>
Date: Mon, 12 Sep 2011 14:22:48 +0200
Subject: [PATCH] improve uninstalled-protection

---
 apps/user_webfinger/host-meta.php | 2 +-
 apps/user_webfinger/webfinger.php | 6 +++++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/apps/user_webfinger/host-meta.php b/apps/user_webfinger/host-meta.php
index c37b7dd776..ceb15f22da 100644
--- a/apps/user_webfinger/host-meta.php
+++ b/apps/user_webfinger/host-meta.php
@@ -2,7 +2,7 @@
 if($_SERVER['SCRIPT_NAME'] == '/.well-known/host-meta.php') {
 	header("Access-Control-Allow-Origin: *");
 } else {
-	header('Please visit /apps/user_webfinger/activate.php first');
+	header('Please-first: activate');
 }
 header("Content-Type: application/xml+xrd");
 echo "<";
diff --git a/apps/user_webfinger/webfinger.php b/apps/user_webfinger/webfinger.php
index fdec9e8e56..4f94cc3c4f 100644
--- a/apps/user_webfinger/webfinger.php
+++ b/apps/user_webfinger/webfinger.php
@@ -1,5 +1,9 @@
 <?php
-header("Access-Control-Allow-Origin: *");
+if($_SERVER['SCRIPT_NAME'] == '/.well-known/host-meta.php') {
+	header("Access-Control-Allow-Origin: *");
+} else {
+	header('Please-first: activate');
+}
 header("Content-Type: application/xml+xrd");
 
 if($_GET['q']) {
-- 
GitLab