From c7a9ad814b03b12fc62648bbd199bb67bb2ba0bc Mon Sep 17 00:00:00 2001
From: Saj Goonatilleke <saj@discourse.org>
Date: Wed, 15 May 2019 19:16:32 +1000
Subject: [PATCH] Ensure we never inadvertently whitelist an empty path

I cannot recall whether the Path field is guaranteed to be non-empty on
incoming Request values.  When in doubt...
---
 main.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/main.go b/main.go
index b5826c6..2cd101d 100644
--- a/main.go
+++ b/main.go
@@ -100,6 +100,10 @@ func checkAuthorizationHeader(handler http.Handler, r *http.Request, w http.Resp
 }
 
 func checkWhitelist(handler http.Handler, r *http.Request, w http.ResponseWriter) bool {
+	if config.Whitelist == "" {
+		return false
+	}
+
 	if r.URL.Path == config.Whitelist {
 		handler.ServeHTTP(w, r)
 		return true