Fabio/webssh2
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat!: validate referer to /reauth is valid

Browse source
This commit is contained in:
Bill Church 2022-05-20 15:05:29 -04:00
parent e0742db22f
commit 0dcaa6e150
1 changed files with 6 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
app/server/routes.js
View file

@ -10,11 +10,15 @@ const { parseBool } = require('./util');
const config = require('./config'); const config = require('./config');
exports.reauth = function reauth(req, res) { exports.reauth = function reauth(req, res) {
const r = req.headers.referer || '/'; let { referer } = req.headers;
console.log(`referer: ${referer}`);
if (!validator.isURL(referer, { host_whitelist: ['localhost'] })) referer = '/';
console.log(`referer: ${referer}`);
res res
.status(401) .status(401)
.send( .send(
`<!DOCTYPE html><html><head><meta http-equiv="refresh" content="0; url=${r}"></head><body bgcolor="#000"></body></html>` `<!DOCTYPE html><html><head><meta http-equiv="refresh" content="0; url=${referer}"></head><body bgcolor="#000"></body></html>`
); );
}; };