discourse
/
discourse-auth-proxy
mirror of https://github.com/discourse/discourse-auth-proxy.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Ensure we never inadvertently whitelist an empty path 

I cannot recall whether the Path field is guaranteed to be non-empty on
incoming Request values.  When in doubt...
This commit is contained in:
Saj Goonatilleke 2019-05-15 19:16:32 +10:00
parent c9b7e27f76
commit c7a9ad814b
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
main.go
View File

@ -100,6 +100,10 @@ func checkAuthorizationHeader(handler http.Handler, r *http.Request, w http.Resp
} }
func checkWhitelist(handler http.Handler, r *http.Request, w http.ResponseWriter) bool { func checkWhitelist(handler http.Handler, r *http.Request, w http.ResponseWriter) bool {
if config.Whitelist == "" {
return false
}
if r.URL.Path == config.Whitelist { if r.URL.Path == config.Whitelist {
handler.ServeHTTP(w, r) handler.ServeHTTP(w, r)
return true return true