优化Referer校验

application/admin/command/Api.php

@@ -55,7 +55,7 @@ class Api extends Command
         if (!is_dir($outputDir)) {
             mkdir($outputDir, 0755, true);
         }
-        $outputFilename = $input->getOption('output') ?: 'apidoc_' . date('Ymd_') . strtolower(\fast\Random::alnum(6)) . '.html';
+        $outputFilename = $input->getOption('output') ?: 'doc_' . date('Ymd_') . strtolower(\fast\Random::alnum(6)) . '.html';
         if ($outputFilename === 'api.html') {
             throw new Exception('api.html cannot be used as the output file name');
         }

application/admin/controller/Index.php

@@ -129,9 +129,9 @@ class Index extends Backend
     {
 
         if ($this->request->isPost()) {
-            // 加强校验referer是否来自服务器
+            // 加强校验referer是否来自服务器，允许referer为空
             $referer = $this->request->server('HTTP_REFERER');
-            if (!$referer || strtolower(parse_url($referer, PHP_URL_HOST)) != strtolower($this->request->host())) {
+            if ($referer && strtolower(parse_url($referer, PHP_URL_HOST)) != strtolower($this->request->host())) {
                 $this->error(__('Invalid request'));
             }
 

application/admin/view/index/logout.html

@@ -2,7 +2,6 @@
 <html>
 <head>
     {include file="common/meta" /}
-    <meta name="referrer" content="origin" />
 
     <style type="text/css">
         body {