detect fake origin headers

This commit is contained in:
Elijah R
2024-03-31 13:36:55 -04:00
parent 05e5ea44a0
commit b815bf8874


@@ -109,14 +109,22 @@ export default class WSServer {
} }
// Try to parse the Origin header sent by the client, if it fails, kill the connection. // Try to parse the Origin header sent by the client, if it fails, kill the connection.
var _uri;
var _host; var _host;
try { try {
_host = new URL(req.headers.origin.toLowerCase()).hostname; _uri = new URL(req.headers.origin.toLowerCase());
_host = _uri.host;
} catch { } catch {
killConnection(); killConnection();
return; return;
} }
// detect fake origin headers
if (_uri.pathname !== "/" || _uri.search !== "") {
killConnection();
return;
}
// If the domain name is not in the list of allowed origins, kill the connection. // If the domain name is not in the list of allowed origins, kill the connection.
if(!this.Config.http.originAllowedDomains.includes(_host)) { if(!this.Config.http.originAllowedDomains.includes(_host)) {
killConnection(); killConnection();