nekomimi.pet / microcosm-rs
forked from microcosm.blue/microcosm-rs
Constellation, Spacedust, Slingshot, UFOs: atproto crates and services for microcosm
fork atom

restrict app param

bad-example.com 084d69fd 27995605

options
unified split
Changed files
+5
who-am-i
src
server.rs
+5
who-am-i/src/server.rs
··· 268 Some(parent_host), 269 ); 270 } 271 let parent_origin = url.origin().ascii_serialization(); 272 if parent_origin == "null" { 273 return err("Origin or referrer header value is opaque", true, None);
··· 268 Some(parent_host), 269 ); 270 } 271 + if let Some(ref app) = params.app { 272 + if !allowed_hosts.contains(app) { 273 + return err("Login is not allowed for this app", false, Some(app)); 274 + } 275 + } 276 let parent_origin = url.origin().ascii_serialization(); 277 if parent_origin == "null" { 278 return err("Origin or referrer header value is opaque", true, None);