From b993aa7efb7571bc1420a181a2a76118eeb8b844 Mon Sep 17 00:00:00 2001
From: Karson
Date: Tue, 2 Jun 2026 17:16:36 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BC=98=E5=8C=96Referer=E6=A0=A1=E9=AA=8C?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 application/admin/command/Api.php | 2 +-
 application/admin/controller/Index.php | 4 ++--
 application/admin/view/index/logout.html | 1 -
 3 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/application/admin/command/Api.php b/application/admin/command/Api.php
index 81ee212f..7344b739 100644
--- a/application/admin/command/Api.php
+++ b/application/admin/command/Api.php
@@ -55,7 +55,7 @@ class Api extends Command
 if (!is_dir($outputDir)) {
 mkdir($outputDir, 0755, true);
 }
- $outputFilename = $input->getOption('output') ?: 'apidoc_' . date('Ymd_') . strtolower(\fast\Random::alnum(6)) . '.html';
+ $outputFilename = $input->getOption('output') ?: 'doc_' . date('Ymd_') . strtolower(\fast\Random::alnum(6)) . '.html';
 if ($outputFilename === 'api.html') {
 throw new Exception('api.html cannot be used as the output file name');
 }
diff --git a/application/admin/controller/Index.php b/application/admin/controller/Index.php
index 2d7e13ec..8c554472 100644
--- a/application/admin/controller/Index.php
+++ b/application/admin/controller/Index.php
@@ -129,9 +129,9 @@ class Index extends Backend
 {
 if ($this->request->isPost()) {
- // 加强校验referer是否来自服务器
+ // 加强校验referer是否来自服务器,允许referer为空
 $referer = $this->request->server('HTTP_REFERER');
- if (!$referer || strtolower(parse_url($referer, PHP_URL_HOST)) != strtolower($this->request->host())) {
+ if ($referer && strtolower(parse_url($referer, PHP_URL_HOST)) != strtolower($this->request->host())) {
 $this->error(__('Invalid request'));
 }
diff --git a/application/admin/view/index/logout.html b/application/admin/view/index/logout.html
index f42c25fe..612a4aee 100644
--- a/application/admin/view/index/logout.html
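Review bot: A POST that carries no Referer header now skips the host comparison entirely in the Index.php hunk, because the new guard is `if ($referer && ...)`; whether a Referer is sent depends on the referrer policy of the page submitting the form, so this check no longer rejects cross-site requests on its own. The rest of the method lies outside the hunk, and if no request token is validated further down, this action can be triggered from another origin. Consider falling back to the Origin header when Referer is empty, `$referer = $this->request->server('HTTP_REFERER') ?: $this->request->server('HTTP_ORIGIN');`, and treating the header comparison as defence in depth behind a CSRF token or SameSite cookie rather than as the control itself. Separately, `parse_url()` can return null or false for a malformed value and `!=` is a loose comparison, so `!==` on the two lowercased strings would state the intent more precisely.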
+++ b/application/admin/view/index/logout.html @@ -2,7 +2,6 @@ {include file="common/meta" /} -