Mirrors/xsshunter
2
0
Fork 0
mirror of https://github.com/trufflesecurity/xsshunter synced 2024-11-24 13:23:04 +00:00
Code Issues Projects Releases Packages Wiki Activity

Better path checking

Browse source
This commit is contained in:
Matthew Bryant (mandatory) 2021-09-16 22:43:16 -07:00
parent 2f35dd9a84
commit 56bb44ed90
1 changed files with 9 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
api.js
View file

@ -94,9 +94,17 @@ async function set_up_api_server(app) {
constants.API_BASE_PATH + 'settings', constants.API_BASE_PATH + 'settings',
]; ];
// Check if the path being accessed required authentication
var requires_authentication = false;
AUTHENTICATION_REQUIRED_ROUTES.map(authenticated_route => {
if(req.path.toLowerCase().startsWith(authenticated_route)) {
requires_authentication = true;
}
});
// If the route is not one of the authentication required routes // If the route is not one of the authentication required routes
// then we can allow it through. // then we can allow it through.
if(!AUTHENTICATION_REQUIRED_ROUTES.includes(req.path)) { if(!requires_authentication) {
next(); next();
return; return;
} }