mirrors/zotero
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Don't enforce Host header in translation server

Browse source 
Fixes #1251
Fixes zotero/translation-server#48
This commit is contained in:
Dan Stillman 2017-06-26 19:01:57 -04:00
parent b2eea914e4
commit a15261b3b3
1 changed files with 6 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
chrome/content/zotero/xpcom/server.js
View file

@ -250,13 +250,13 @@ Zotero.Server.DataListener.prototype._headerFinished = function() {
var m = bookmarkletRe.exec(this.header);
if(m) this.origin = "https://www.zotero.org";
}
}
// Make sure the Host header is set to 127.0.0.1 to prevent DNS rebinding attacks
// Make sure the Host header is set to localhost/127.0.0.1 to prevent DNS rebinding attacks
if (!hostRe.exec(this.header)) {
this._requestFinished(this._generateResponse(400, "text/plain", "Invalid Host header\n"));
return;
}
}
// get first line of request
var method = methodRe.exec(this.header);