fix: incomplete URL substring sanitization (#4309)

Co-authored-by: Peng Xiao <pengxiao@outlook.com>
fourdim
2023-09-13 22:38:48 -04:00
committed by GitHub
parent b023c79d5c
commit 10a3a05e70


@@ -179,7 +179,7 @@ export class NextAuthController {
});
if (
!req.headers?.referer ||
req.headers.referer.startsWith('https://accounts.google.com')
checkUrlOrigin(req.headers.referer, 'https://accounts.google.com')
) {
res.redirect('https://community.affine.pro/c/insider-general/');
} else {
@@ -307,3 +307,11 @@ export class NextAuthController {
throw new BadRequestException(`User not found`);
}
}
const checkUrlOrigin = (url: string, origin: string) => {
try {
return new URL(url).origin === origin;
} catch (e) {
return false;
}
};
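Review bot: `checkUrlOrigin` at the end of the second hunk compares `new URL(url).origin` against the raw `origin` argument, so it is correct only when the caller passes a canonical origin (`scheme://host[:port]`, no path or trailing slash) — a value like `'https://accounts.google.com/'` would silently return false, and nothing documents that contract. I would add a TSDoc above it, `/** True when `url` parses and its origin equals `origin`; `origin` must be a canonical origin string (no path or trailing slash); an unparsable `url` yields false. */`, or normalize both sides with `return new URL(url).origin === new URL(origin).origin;` so a trailing slash on the expected origin cannot break the check. The unused binding in `catch (e)` can be dropped with an optional catch clause, `} catch {`. Since the value checked in the first hunk is the client-supplied `Referer` header, the comment should also say the helper validates URL origin only and the result is suitable for choosing a redirect target, as here, not as a trust decision; the enclosing controller method starts and ends outside both hunks.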