Restrict access based on Host header

author: cel <cel@lOUVT+Phkvai9a/cCS/RKo+S9hnPAQdVixms/7ldpPA=.ed25519> 2020-03-28 15:27:10 -0400
committer: cel <cel@lOUVT+Phkvai9a/cCS/RKo+S9hnPAQdVixms/7ldpPA=.ed25519> 2020-04-10 16:11:50 -0400
commit: 5a719f74ab1963f17275e28ae0aa9779b4b1ec03 (patch)
tree: cd897362837591a6ef434fa5fe119cd20e663ae0 /lib/serve.js
parent: c87ebee6a707d1031fedf2247b440e6aab04332d (diff)
download: patchfoo-5a719f74ab1963f17275e28ae0aa9779b4b1ec03.tar.gz
patchfoo-5a719f74ab1963f17275e28ae0aa9779b4b1ec03.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/lib/serve.js b/lib/serve.js
index c3e2115..fdf24f7 100644
--- a/lib/serve.js
+++ b/lib/serve.js
@@ -112,6 +112,12 @@ Serve.prototype.go = function () {
     }
   }
 
+  if (!this.app.isAllowedHostHeader(this.req.headers.host)) {
+    console.error('Host header not allowed: "' + this.req.headers.host + '"')
+    this.res.writeHead(403)
+    return this.res.end('Forbidden')
+  }
+
   this.replyMentionFeeds = conf.replyMentionFeeds == null ? true :
     Boolean(conf.replyMentionFeeds)
author	cel <cel@lOUVT+Phkvai9a/cCS/RKo+S9hnPAQdVixms/7ldpPA=.ed25519>	2020-03-28 15:27:10 -0400
committer	cel <cel@lOUVT+Phkvai9a/cCS/RKo+S9hnPAQdVixms/7ldpPA=.ed25519>	2020-04-10 16:11:50 -0400
commit	5a719f74ab1963f17275e28ae0aa9779b4b1ec03 (patch)
tree	cd897362837591a6ef434fa5fe119cd20e663ae0 /lib/serve.js
parent	c87ebee6a707d1031fedf2247b440e6aab04332d (diff)
download	patchfoo-5a719f74ab1963f17275e28ae0aa9779b4b1ec03.tar.gz patchfoo-5a719f74ab1963f17275e28ae0aa9779b4b1ec03.zip