core: handle invalid referer url

pull/675/head^2
undefined 11 months ago
parent f305cbfc60
commit 16992e057d

@ -189,8 +189,12 @@ export class Handler extends HandlerCommon {
async init() { async init() {
if (this.request.method === 'post' && this.request.headers.referer && !this.context.cors && !this.allowCors) { if (this.request.method === 'post' && this.request.headers.referer && !this.context.cors && !this.allowCors) {
try {
const host = new URL(this.request.headers.referer).host; const host = new URL(this.request.headers.referer).host;
if (host !== this.request.host) this.context.pendingError = new CsrfTokenError(host); if (host !== this.request.host) this.context.pendingError = new CsrfTokenError(host);
} catch (e) {
this.context.pendingError = new CsrfTokenError();
}
} }
if (!argv.options.benchmark) await this.limitRate('global', 5, 100); if (!argv.options.benchmark) await this.limitRate('global', 5, 100);
if (!this.noCheckPermView && !this.user.hasPriv(PRIV.PRIV_VIEW_ALL_DOMAIN)) this.checkPerm(PERM.PERM_VIEW); if (!this.noCheckPermView && !this.user.hasPriv(PRIV.PRIV_VIEW_ALL_DOMAIN)) this.checkPerm(PERM.PERM_VIEW);
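Review bot: The guard in `init()` still runs only when `this.request.headers.referer` is present, so the fail-closed handling added in the `catch` covers a malformed Referer but not a missing one; a POST that carries no Referer passes this check unexamined. If no other CSRF defence (a token or SameSite cookies) applies to these handlers, which is not visible from this hunk, consider also consulting the Origin header, e.g. `const source = this.request.headers.origin || this.request.headers.referer;`, and deciding explicitly what happens when both are absent. The `catch` also discards the offending value, so a short comment such as `// unparseable Referer: fail closed instead of skipping the check` and a log line at that point would make rejected requests easier to triage. The binding `e` is unused, so `catch {` would do if the project's target allows it. `init()` continues past the end of the hunk.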
