mirror of
https://github.com/codeninjasllc/codecombat.git
synced 2024-11-27 09:35:39 -05:00
Actually do filter safe paths, but allow any other domain
This commit is contained in:
parent
b08c1af038
commit
6cbc6452fc
1 changed files with 2 additions and 0 deletions
|
@ -63,6 +63,8 @@ setupDomainFilterMiddleware = (app) ->
|
|||
domainPrefix = req.host.match(domainRegex)?[1] or ''
|
||||
if _.any(unsafePaths, (pathRegex) -> pathRegex.test(req.path)) and (req.host isnt domainPrefix + config.unsafeContentHostname)
|
||||
res.redirect('http://' + domainPrefix + config.unsafeContentHostname + req.path)
|
||||
else if not _.any(unsafePaths, (pathRegex) -> pathRegex.test(req.path)) and req.host is domainPrefix + config.unsafeContentHostname
|
||||
res.redirect('http://' + domainPrefix + config.mainHostname + req.path)
|
||||
else
|
||||
next()
|
||||
|
||||
|
|
Loading…
Reference in a new issue