Actually do filter safe paths, but allow any other domain

Phoenix Eliot 2016-09-06 17:10:58 -07:00
parent b08c1af038
commit 6cbc6452fc


@ -63,6 +63,8 @@ setupDomainFilterMiddleware = (app) ->
domainPrefix = req.host.match(domainRegex)?[1] or '' domainPrefix = req.host.match(domainRegex)?[1] or ''
if _.any(unsafePaths, (pathRegex) -> pathRegex.test(req.path)) and (req.host isnt domainPrefix + config.unsafeContentHostname) if _.any(unsafePaths, (pathRegex) -> pathRegex.test(req.path)) and (req.host isnt domainPrefix + config.unsafeContentHostname)
res.redirect('http://' + domainPrefix + config.unsafeContentHostname + req.path) res.redirect('http://' + domainPrefix + config.unsafeContentHostname + req.path)
else if not _.any(unsafePaths, (pathRegex) -> pathRegex.test(req.path)) and req.host is domainPrefix + config.unsafeContentHostname
res.redirect('http://' + domainPrefix + config.mainHostname + req.path)
else else
next() next()
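Review bot: The new `else if` branch redirects to the main hostname with a hard-coded `http://` scheme and only `req.path`, so a request that arrived over TLS is sent to plaintext and any query string is dropped. Since this middleware exists to keep unsafe content off the main origin, the redirect back to that origin should not be the step that downgrades transport; consider `res.redirect(req.protocol + '://' + domainPrefix + config.mainHostname + req.url)`, assuming `trust proxy` is configured if the app sits behind a TLS-terminating proxy. The pre-existing redirect to `config.unsafeContentHostname` has the same shape. `domainPrefix` is derived from the client-supplied Host header; `domainRegex` is defined outside this hunk, so it is worth confirming that it is anchored and limits the prefix to expected values. As a style point, the `_.any(unsafePaths, ...)` test is now evaluated twice and could be hoisted into a local such as `isUnsafePath` so that both branches read from one result.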