Fix hostname comparison in /login

Calvin Montgomery 2018-11-11 16:11:51 -08:00
parent 2d6af31c00
commit 60a39890f0
1 changed files with 3 additions and 1 deletions


@ -53,7 +53,9 @@ function handleLogin(req, res) {
var host = req.hostname;
// TODO: remove this check from /login, make it generic middleware
if (host.indexOf(Config.get("http.root-domain")) === -1 &&
// TODO: separate root-domain and "login domain", e.g. accounts.example.com
if (host !== Config.get("http.root-domain") &&
!host.endsWith("." + Config.get("http.root-domain")) &&
Config.get("http.alt-domains").indexOf(host) === -1) {
LOGGER.warn("Attempted login from non-approved domain " + host);
return res.sendStatus(403);