From 23277cc07892f37d340d23f7ec57e80f33b0b24c Mon Sep 17 00:00:00 2001
From: jeessy2 <6205259+jeessy2@users.noreply.github.com>
Date: Thu, 1 Aug 2024 01:07:03 -0700
Subject: [PATCH] fix: need to parse the referer (#1204)

---
 web/login.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/web/login.go b/web/login.go
index 684c8f5..a0db43c 100755
--- a/web/login.go
+++ b/web/login.go
@@ -6,6 +6,7 @@ import (
 	"fmt"
 	"html/template"
 	"net/http"
+	"net/url"
 	"time"
 
 	"github.com/jeessy2/ddns-go/v6/config"
@@ -95,8 +96,10 @@ func LoginFunc(w http.ResponseWriter, r *http.Request) {
 			returnError(w, util.LogStr("需在 %s 之前完成用户名密码设置,请重启ddns-go", startTime.Add(saveLimit).Format("2006-01-02 15:04:05")))
 			return
 		}
+
 		conf.NotAllowWanAccess = true
-		if !util.IsPrivateNetwork(r.Header.Get("referer")) {
+		u, err := url.Parse(r.Header.Get("referer"))
+		if err == nil && !util.IsPrivateNetwork(u.Host) {
 			conf.NotAllowWanAccess = false
 		}