Update social.coffee

don't allow unclaimed sites to be viewed by authors not in allowed_domains.
Robert Best 2023-10-03 13:37:59 -04:00 committed by GitHub
parent d43cbe7ff6
commit cae4118bc9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions


@ -408,7 +408,7 @@ module.exports = exports = (log, loga, argv) ->
res.header 'Access-Control-Allow-Origin', req.get('Origin')||'*'
res.header 'Access-Control-Allow-Credentials', 'true'
# protect unclaimed by adding "add owner isnt ''" - maybe via parameter
return next() if isAuthorized(req) or allowedToView(req)
return next() if (isAuthorized(req) and owner !== '') or allowedToView(req)
return res.redirect("/view/#{m[1]}") if m = req.url.match /\/(.*)\.html/
return res.json(['Login Required']) if req.url == '/system/sitemap.json'
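Review bot: The new guard `return next() if (isAuthorized(req) and owner !== '') or allowedToView(req)` uses `!==`, which as far as I know is not a CoffeeScript operator (the language spells strict inequality `isnt` or `!=`), so the file would likely fail to compile rather than tighten the access check. The comment just above already names the intended form; I would write `return next() if (isAuthorized(req) and owner isnt '') or allowedToView(req)`. `owner` is not defined within the hunk, so it is worth confirming that an unclaimed site really yields the empty string at this point and not `undefined` or `null`, since either of those would pass `isnt ''` and leave unclaimed sites viewable by any authorized author. The enclosing handler starts and ends outside the hunk.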