mirror of
https://github.com/trufflesecurity/xsshunter
synced 2024-11-24 13:23:04 +00:00
Critical security vulnerability fix
This commit is contained in:
Matthew Bryant (mandatory)
parent
cd319453bc
commit
4f4abf655c
1 changed files with 19 additions and 0 deletions
19
app.js
19
app.js
|
|
@ -49,6 +49,25 @@ const SCREENSHOT_FILENAME_REGEX = new RegExp(/^[0-9A-F]{8}-[0-9A-F]{4}-4[0-9A-F]
|
|||
|
||||
async function get_app_server() {
|
||||
const app = express();
|
||||
|
||||
// I have a question for Express:
|
||||
// https://youtu.be/ZtjFsQBuJWw?t=4
|
||||
app.set('case sensitive routing', true);
|
||||
|
||||
// Making 100% sure this works like it should
|
||||
// https://youtu.be/aCbfMkh940Q?t=6
|
||||
app.use(async function(req, res, next) {
|
||||
if(req.path.toLowerCase() === req.path) {
|
||||
next();
|
||||
}
|
||||
|
||||
res.status(401).json({
|
||||
"success": false,
|
||||
"error": "No.",
|
||||
"code": "WHY_ARE_YOU_SHOUTING"
|
||||
}).end();
|
||||
});
|
||||
|
||||
app.use(bodyParser.json());
|
||||
|
||||
// Set security-related headers on requests
|
||||
|
|
|
|||
Loading…
Reference in a new issue