Sanitize the canonical URL after the absolute URL has been returned, to mitigate poisoned `X-Forwarded-Host` headers
Andrew Welch committed Sep 24, 2021
1 parent 4e46b79 commit 3fee7d5
Showing 1 changed file with 1 addition and 2 deletions.
3 changes: 1 addition & 2 deletions src/services/Helper.php
Expand Up @@ -148,9 +148,8 @@ public static function safeCanonicalUrl(): string
} catch (InvalidConfigException $e) {
Craft::error($e->getMessage(), __METHOD__);
}
$url = DynamicMetaHelper::sanitizeUrl($url);

return UrlHelper::absoluteUrlWithProtocol($url);
return DynamicMetaHelper::sanitizeUrl(UrlHelper::absoluteUrlWithProtocol($url));
}

/**
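Review bot: The combined return line, `return DynamicMetaHelper::sanitizeUrl(UrlHelper::absoluteUrlWithProtocol($url));`, has no comment saying why the sanitizer must be the outermost call, so a later cleanup could move `sanitizeUrl()` back in front of `absoluteUrlWithProtocol()` and undo the ordering the commit message relies on. Suggest a one-line comment above the return stating that, per the commit message, the absolute URL can carry a host taken from a request-supplied `X-Forwarded-Host`, which is why sanitizing has to happen last. Two follow-ups worth confirming: the body of `sanitizeUrl()` is not visible in this hunk, and if it only strips or encodes unsafe characters, a syntactically clean but untrusted host would still reach the canonical URL, so comparing the resulting host against the site's configured base URL would cover that case; and a regression test for `safeCanonicalUrl()` with a crafted `X-Forwarded-Host` on the request would pin the new ordering.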