correction in req headers for callback api social networks
hichri-louay committed Jan 22, 2024
1 parent 2f1b52d commit fc424e8
Showing 1 changed file with 12 additions and 12 deletions.
24 changes: 12 additions & 12 deletions routes/profile.routes.js
Expand Up @@ -645,7 +645,7 @@ router.get(
(req, res, next) => {
passport.authenticate('facebook_strategy_add_channel', {
failureRedirect:
(process.env.NODE_ENV === "mainnet" ? (req.origins.header.includes('https://app.satt.com') ? process.env.METAMASK_BASED_URL : process.env.BASED_URL) : process.env.BASED_URL )+
(process.env.NODE_ENV === "mainnet" ? (req.headers.origin.includes('https://app.satt.com') ? process.env.METAMASK_BASED_URL : process.env.BASED_URL) : process.env.BASED_URL )+

Check failure

Code scanning / CodeQL

Incomplete URL substring sanitization High

'https://app.satt.com' can be anywhere in the URL, and arbitrary hosts may come before or after it.
req.query.state.split('|')[1] +
'?message=access-denied',
})(req, res, next)
Expand All @@ -655,7 +655,7 @@ router.get(
redirect = req.query.state.split('|')[1]
let message = req.authInfo.message
response.redirect(
(process.env.NODE_ENV === "mainnet" ? (req.origins.header.includes('https://app.satt.com') ? process.env.METAMASK_BASED_URL : process.env.BASED_URL) : process.env.BASED_URL ) +
(process.env.NODE_ENV === "mainnet" ? (req.headers.origin.includes('https://app.satt.com') ? process.env.METAMASK_BASED_URL : process.env.BASED_URL) : process.env.BASED_URL ) +

Check failure

Code scanning / CodeQL

Incomplete URL substring sanitization High

'https://app.satt.com' can be anywhere in the URL, and arbitrary hosts may come before or after it.
redirect +
'?message=' +
message +
Expand Down Expand Up @@ -743,7 +743,7 @@ router.get(
if (!req.query.error) next()
else
res.redirect(
(process.env.NODE_ENV === "mainnet" ? (req.origins.header.includes('https://app.satt.com') ? process.env.METAMASK_BASED_URL : process.env.BASED_URL) : process.env.BASED_URL ) +
(process.env.NODE_ENV === "mainnet" ? (req.headers.origin.includes('https://app.satt.com') ? process.env.METAMASK_BASED_URL : process.env.BASED_URL) : process.env.BASED_URL ) +

Check failure

Code scanning / CodeQL

Incomplete URL substring sanitization High

'https://app.satt.com' can be anywhere in the URL, and arbitrary hosts may come before or after it.
redirect +
'?message=access-denied&sn=linkd'
)
Expand All @@ -754,7 +754,7 @@ router.get(
let redirect = req.query.state.split('|')[1]
let message = req.authInfo.message
res.redirect(
(process.env.NODE_ENV === "mainnet" ? (req.origins.header.includes('https://app.satt.com') ? process.env.METAMASK_BASED_URL : process.env.BASED_URL) : process.env.BASED_URL ) +
(process.env.NODE_ENV === "mainnet" ? (req.headers.origin.includes('https://app.satt.com') ? process.env.METAMASK_BASED_URL : process.env.BASED_URL) : process.env.BASED_URL ) +

Check failure

Code scanning / CodeQL

Incomplete URL substring sanitization High

'https://app.satt.com' can be anywhere in the URL, and arbitrary hosts may come before or after it.
redirect +
'?message=' +
message +
Expand Down Expand Up @@ -804,7 +804,7 @@ router.get(
(req, res, next) => {
passport.authenticate('tikTok_strategy_add_channel', {
failureRedirect:
(process.env.NODE_ENV === "mainnet" ? (req.origins.header.includes('https://app.satt.com') ? process.env.METAMASK_BASED_URL : process.env.BASED_URL) : process.env.BASED_URL ) +
(process.env.NODE_ENV === "mainnet" ? (req.headers.origin.includes('https://app.satt.com') ? process.env.METAMASK_BASED_URL : process.env.BASED_URL) : process.env.BASED_URL ) +

Check failure

Code scanning / CodeQL

Incomplete URL substring sanitization High

'https://app.satt.com' can be anywhere in the URL, and arbitrary hosts may come before or after it.
req.query.state.split('|')[1] +
'?message=access-denied',
})(req, res, next)
Expand All @@ -819,7 +819,7 @@ router.get(
message = 'account_linked_with_success'
}
response.redirect(
(process.env.NODE_ENV === "mainnet" ? (req.origins.header.includes('https://app.satt.com') ? process.env.METAMASK_BASED_URL : process.env.BASED_URL) : process.env.BASED_URL ) +
(process.env.NODE_ENV === "mainnet" ? (req.headers.origin.includes('https://app.satt.com') ? process.env.METAMASK_BASED_URL : process.env.BASED_URL) : process.env.BASED_URL ) +

Check failure

Code scanning / CodeQL

Incomplete URL substring sanitization High

'https://app.satt.com' can be anywhere in the URL, and arbitrary hosts may come before or after it.
redirect +
'?message=' +
message +
Expand Down Expand Up @@ -868,7 +868,7 @@ router.get(
(req, res, next) => {
passport.authenticate('youtube_strategy_add_channel', {
failureRedirect:
(process.env.NODE_ENV === "mainnet" ? (req.origins.header.includes('https://app.satt.com') ? process.env.METAMASK_BASED_URL : process.env.BASED_URL) : process.env.BASED_URL ) +
(process.env.NODE_ENV === "mainnet" ? (req.headers.origin.includes('https://app.satt.com') ? process.env.METAMASK_BASED_URL : process.env.BASED_URL) : process.env.BASED_URL ) +

Check failure

Code scanning / CodeQL

Incomplete URL substring sanitization High

'https://app.satt.com' can be anywhere in the URL, and arbitrary hosts may come before or after it.
req.query.state.split('|')[1] +
'?message=access-denied&sn=youtue',
})(req, res, next)
Expand All @@ -882,7 +882,7 @@ router.get(
message = 'account_linked_with_success'
}
res.redirect(
(process.env.NODE_ENV === "mainnet" ? (req.origins.header.includes('https://app.satt.com') ? process.env.METAMASK_BASED_URL : process.env.BASED_URL) : process.env.BASED_URL ) + redirect + '?message=' + message
(process.env.NODE_ENV === "mainnet" ? (req.headers.origin.includes('https://app.satt.com') ? process.env.METAMASK_BASED_URL : process.env.BASED_URL) : process.env.BASED_URL ) + redirect + '?message=' + message

Check failure

Code scanning / CodeQL

Incomplete URL substring sanitization High

'https://app.satt.com' can be anywhere in the URL, and arbitrary hosts may come before or after it.
)
} catch (err) {
res.end(
Expand Down Expand Up @@ -1181,7 +1181,7 @@ router.get(
(req, res, next) => {
passport.authenticate('link_facebook_account', {
failureRedirect:
(process.env.NODE_ENV === "mainnet" ? (req.origins.header.includes('https://app.satt.com') ? process.env.METAMASK_BASED_URL : process.env.BASED_URL) : process.env.BASED_URL ) +
(process.env.NODE_ENV === "mainnet" ? (req.headers.origin.includes('https://app.satt.com') ? process.env.METAMASK_BASED_URL : process.env.BASED_URL) : process.env.BASED_URL ) +

Check failure

Code scanning / CodeQL

Incomplete URL substring sanitization High

'https://app.satt.com' can be anywhere in the URL, and arbitrary hosts may come before or after it.
'/home/settings/social-networks?message=access-denied',
})(req, res, next)
},
Expand All @@ -1190,7 +1190,7 @@ router.get(
let state = req.query.state.split('|')
let url = state[1]
response.redirect(
(process.env.NODE_ENV === "mainnet" ? (req.origins.header.includes('https://app.satt.com') ? process.env.METAMASK_BASED_URL : process.env.BASED_URL) : process.env.BASED_URL ) + url + '?message=' + req.authInfo.message
(process.env.NODE_ENV === "mainnet" ? (req.headers.origin.includes('https://app.satt.com') ? process.env.METAMASK_BASED_URL : process.env.BASED_URL) : process.env.BASED_URL ) + url + '?message=' + req.authInfo.message

Check failure

Code scanning / CodeQL

Incomplete URL substring sanitization High

'https://app.satt.com' can be anywhere in the URL, and arbitrary hosts may come before or after it.
)
} catch (e) {}
}
Expand Down Expand Up @@ -1236,7 +1236,7 @@ router.get(
(req, res, next) => {
passport.authenticate('link_google_account', {
failureRedirect:
(process.env.NODE_ENV === "mainnet" ? (req.origins.header.includes('https://app.satt.com') ? process.env.METAMASK_BASED_URL : process.env.BASED_URL) : process.env.BASED_URL ) +
(process.env.NODE_ENV === "mainnet" ? (req.headers.origin.includes('https://app.satt.com') ? process.env.METAMASK_BASED_URL : process.env.BASED_URL) : process.env.BASED_URL ) +

Check failure

Code scanning / CodeQL

Incomplete URL substring sanitization High

'https://app.satt.com' can be anywhere in the URL, and arbitrary hosts may come before or after it.
'/home/settings/social-networks?message=access-denied',
})(req,res,next)
},
Expand All @@ -1245,7 +1245,7 @@ router.get(
let state = req.query.state.split('|')
let url = state[1]
let message = req.authInfo.message
res.redirect((process.env.NODE_ENV === "mainnet" ? (req.origins.header.includes('https://app.satt.com') ? process.env.METAMASK_BASED_URL : process.env.BASED_URL) : process.env.BASED_URL ) + url + '?message=' + message)
res.redirect((process.env.NODE_ENV === "mainnet" ? (req.headers.origin.includes('https://app.satt.com') ? process.env.METAMASK_BASED_URL : process.env.BASED_URL) : process.env.BASED_URL ) + url + '?message=' + message)

Check failure

Code scanning / CodeQL

Incomplete URL substring sanitization High

'https://app.satt.com' can be anywhere in the URL, and arbitrary hosts may come before or after it.
} catch (e) {}
}
)
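Review bot: `req.headers.origin` is read without a presence check at every changed call site (the first is the `facebook_strategy_add_channel` `failureRedirect`), and these are OAuth callback routes reached by a top-level GET redirect from the provider, a request on which browsers normally send no `Origin` header. With `NODE_ENV` set to `mainnet`, an absent header makes `.includes` throw a TypeError; in the `link_facebook_account` and `link_google_account` callbacks the visible `catch (e) {}` would swallow it and, as far as these hunks show, no response is sent. Resolve the base URL once in a small helper that tolerates a missing header and compares the whole value, e.g. `const origin = req.get('origin') || ''` followed by `origin === 'https://app.satt.com' ? process.env.METAMASK_BASED_URL : process.env.BASED_URL`, and call it from all twelve sites instead of repeating the ternary. The path taken from `req.query.state.split('|')[1]` and the `message` value are also concatenated into the redirect target as-is, so the same helper is a natural place to require a relative path beginning with `/` and to apply `encodeURIComponent` to `message`. The enclosing route handlers start and end outside the hunks shown.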
