cthrace/collabvm-1.2.ts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

detect fake origin headers

Browse Source
This commit is contained in:
Elijah R
2024-03-31 13:36:55 -04:00
parent 05e5ea44a0
commit b815bf8874
1 changed files with 9 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
src/WSServer.ts
View File

@@ -109,14 +109,22 @@ export default class WSServer {
}
// Try to parse the Origin header sent by the client, if it fails, kill the connection.
var _uri;
var _host;
try {
_host = new URL(req.headers.origin.toLowerCase()).hostname;
_uri = new URL(req.headers.origin.toLowerCase());
_host = _uri.host;
} catch {
killConnection();
return;
}
// detect fake origin headers
if (_uri.pathname !== "/" || _uri.search !== "") {
killConnection();
return;
}
// If the domain name is not in the list of allowed origins, kill the connection.
if(!this.Config.http.originAllowedDomains.includes(_host)) {
killConnection();