mirrors/zotero
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

Don't enforce Host header in translation server

Browse source 
Fixes #1251
Fixes zotero/translation-server#48
This commit is contained in:
Dan Stillman 2017-06-26 19:01:57 -04:00
parent b2eea914e4
commit a15261b3b3
1 changed files with 6 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

12
chrome/content/zotero/xpcom/server.js
View file

@ -250,12 +250,12 @@ Zotero.Server.DataListener.prototype._headerFinished = function() {
var m = bookmarkletRe.exec(this.header); var m = bookmarkletRe.exec(this.header);
if(m) this.origin = "https://www.zotero.org"; if(m) this.origin = "https://www.zotero.org";
} }
}
// Make sure the Host header is set to localhost/127.0.0.1 to prevent DNS rebinding attacks
// Make sure the Host header is set to 127.0.0.1 to prevent DNS rebinding attacks if (!hostRe.exec(this.header)) {
if (!hostRe.exec(this.header)) { this._requestFinished(this._generateResponse(400, "text/plain", "Invalid Host header\n"));
this._requestFinished(this._generateResponse(400, "text/plain", "Invalid Host header\n")); return;
return; }
} }
// get first line of request // get first line of request