Harden CORS origin handling.
The non-quoted dots and the missing beginning/ending delimiters allow restrictions to be bypassed when domains are allowed via `*.good.com`, as the dots will match any char, allowing for example `not-good.com` to slip through, and the domain name could also be a subdomain of a different domain, like `www.good.com.bad.com`.
ndm2 committed Dec 11, 2015
1 parent 1158d60, commit 2f08e50
Showing 2 changed files with 19 additions and 10 deletions.
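The matching flaw described in the commit message, as an added Python example that is not code from this commit or its project: a wildcard entry turned into a regular expression without quoting and without start/end delimiters, next to a quoted and anchored form. The function names, the `LABELS` expression and the choice to match on the host part of the origin are assumptions made for illustration.

```python
import re

# Assumption: the allow-list holds host patterns such as "*.good.com" and the
# value being checked is the host part of the Origin header.
LABELS = r"[a-z0-9-]+(?:\.[a-z0-9-]+)*"  # one or more DNS labels

def weak_pattern(allowed):
    """Pre-fix behaviour as the commit message describes it: dots are not
    quoted and the expression has no start/end delimiters."""
    return re.compile(allowed.replace("*", ".*"))

def hardened_pattern(allowed):
    """Quote every literal part, expand only the wildcard, anchor both ends."""
    literal_parts = (re.escape(part) for part in allowed.split("*"))
    # \A and \Z are used instead of ^ and $ so a trailing newline cannot match.
    return re.compile(r"\A" + LABELS.join(literal_parts) + r"\Z")

def weak_allows(allowed, host):
    return weak_pattern(allowed).search(host) is not None

def hardened_allows(allowed, host):
    return hardened_pattern(allowed).search(host.lower()) is not None

# Constructed sample hosts: one legitimate, two taken from the commit message.
SAMPLES = ["www.good.com", "not-good.com", "www.good.com.bad.com"]

def compare(allowed="*.good.com"):
    """Return {host: (weak_result, hardened_result)} for the sample hosts."""
    return {h: (weak_allows(allowed, h), hardened_allows(allowed, h)) for h in SAMPLES}

if __name__ == "__main__":
    for host, (weak, hard) in compare().items():
        print(f"{host:24} weak={weak!s:5} hardened={hard}")
```

In this hardened form the wildcard requires at least one label, so the bare `good.com` is not matched by `*.good.com` and would need its own allow-list entry.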