Mirrors/xsshunter
2
0
Fork 0
mirror of https://github.com/trufflesecurity/xsshunter synced 2025-02-26 04:07:14 +00:00
Code Issues Projects Releases Packages Wiki Activity

Critical security vulnerability fix

Browse source
This commit is contained in:
Matthew Bryant (mandatory) 2021-09-16 21:51:33 -07:00
parent cd319453bc
commit 4f4abf655c
1 changed files with 19 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
app.js
View file

@ -49,6 +49,25 @@ const SCREENSHOT_FILENAME_REGEX = new RegExp(/^[0-9A-F]{8}-[0-9A-F]{4}-4[0-9A-F]
async function get_app_server() { async function get_app_server() {
const app = express(); const app = express();
// I have a question for Express:
// https://youtu.be/ZtjFsQBuJWw?t=4
app.set('case sensitive routing', true);
// Making 100% sure this works like it should
// https://youtu.be/aCbfMkh940Q?t=6
app.use(async function(req, res, next) {
if(req.path.toLowerCase() === req.path) {
next();
}
res.status(401).json({
"success": false,
"error": "No.",
"code": "WHY_ARE_YOU_SHOUTING"
}).end();
});
app.use(bodyParser.json()); app.use(bodyParser.json());
// Set security-related headers on requests // Set security-related headers on requests