From 16992e057de035f9a70c244221b67e3e645dc3e9 Mon Sep 17 00:00:00 2001
From: undefined
Date: Fri, 10 Nov 2023 21:50:24 +0800
Subject: [PATCH] core: handle invalid referer url
---
 packages/hydrooj/src/service/server.ts | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/packages/hydrooj/src/service/server.ts b/packages/hydrooj/src/service/server.ts
index a71ea46c..21783530 100644
--- a/packages/hydrooj/src/service/server.ts
+++ b/packages/hydrooj/src/service/server.ts
@@ -189,8 +189,12 @@ export class Handler extends HandlerCommon {
 async init() {
 if (this.request.method === 'post' && this.request.headers.referer && !this.context.cors && !this.allowCors) {
- const host = new URL(this.request.headers.referer).host;
- if (host !== this.request.host) this.context.pendingError = new CsrfTokenError(host);
+ try {
+ const host = new URL(this.request.headers.referer).host;
+ if (host !== this.request.host) this.context.pendingError = new CsrfTokenError(host);
+ } catch (e) {
+ this.context.pendingError = new CsrfTokenError();
+ }
 }
 if (!argv.options.benchmark) await this.limitRate('global', 5, 100);
 if (!this.noCheckPermView && !this.user.hasPriv(PRIV.PRIV_VIEW_ALL_DOMAIN)) this.checkPerm(PERM.PERM_VIEW);
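Review bot: The Referer comparison in `init()` still runs only when `this.request.headers.referer` is present, so a POST that arrives without that header skips this check; the new try/catch correctly fails closed on a malformed value, but the absent-header case remains fail-open at this point. If no other CSRF defence (token, SameSite cookies) covers those requests, which this hunk does not show, consider reading the `Origin` header as well, e.g. `const source = this.request.headers.origin || this.request.headers.referer;` for both the guard and the `new URL(...)` call, and deciding explicitly what happens when both are missing. In the catch, the binding `e` is unused and `CsrfTokenError()` is built without the argument the mismatch branch passes, so a comment such as `// malformed Referer: fail closed` would record the intent. `init()` continues past the end of the hunk.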