diff options
author | cel <cel@lOUVT+Phkvai9a/cCS/RKo+S9hnPAQdVixms/7ldpPA=.ed25519> | 2020-03-28 15:27:10 -0400 |
---|---|---|
committer | cel <cel@lOUVT+Phkvai9a/cCS/RKo+S9hnPAQdVixms/7ldpPA=.ed25519> | 2020-04-10 16:11:50 -0400 |
commit | 5a719f74ab1963f17275e28ae0aa9779b4b1ec03 (patch) | |
tree | cd897362837591a6ef434fa5fe119cd20e663ae0 /lib/serve.js | |
parent | c87ebee6a707d1031fedf2247b440e6aab04332d (diff) | |
download | patchfoo-5a719f74ab1963f17275e28ae0aa9779b4b1ec03.tar.gz patchfoo-5a719f74ab1963f17275e28ae0aa9779b4b1ec03.zip |
Restrict access based on Host header
Diffstat (limited to 'lib/serve.js')
-rw-r--r-- | lib/serve.js | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/lib/serve.js b/lib/serve.js index c3e2115..fdf24f7 100644 --- a/lib/serve.js +++ b/lib/serve.js @@ -112,6 +112,12 @@ Serve.prototype.go = function () { } } + if (!this.app.isAllowedHostHeader(this.req.headers.host)) { + console.error('Host header not allowed: "' + this.req.headers.host + '"') + this.res.writeHead(403) + return this.res.end('Forbidden') + } + this.replyMentionFeeds = conf.replyMentionFeeds == null ? true : Boolean(conf.replyMentionFeeds) |