mirror of
https://github.com/codeninjasllc/codecombat.git
synced 2024-11-27 09:35:39 -05:00
Actually do filter safe paths, but allow any other domain
This commit is contained in:
parent
b08c1af038
commit
6cbc6452fc
1 changed files with 2 additions and 0 deletions
|
@ -63,6 +63,8 @@ setupDomainFilterMiddleware = (app) ->
|
||||||
domainPrefix = req.host.match(domainRegex)?[1] or ''
|
domainPrefix = req.host.match(domainRegex)?[1] or ''
|
||||||
if _.any(unsafePaths, (pathRegex) -> pathRegex.test(req.path)) and (req.host isnt domainPrefix + config.unsafeContentHostname)
|
if _.any(unsafePaths, (pathRegex) -> pathRegex.test(req.path)) and (req.host isnt domainPrefix + config.unsafeContentHostname)
|
||||||
res.redirect('http://' + domainPrefix + config.unsafeContentHostname + req.path)
|
res.redirect('http://' + domainPrefix + config.unsafeContentHostname + req.path)
|
||||||
|
else if not _.any(unsafePaths, (pathRegex) -> pathRegex.test(req.path)) and req.host is domainPrefix + config.unsafeContentHostname
|
||||||
|
res.redirect('http://' + domainPrefix + config.mainHostname + req.path)
|
||||||
else
|
else
|
||||||
next()
|
next()
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue