fix: ReDoS referrer (#1611)

* fix ReDoS referrer

* Update src/utils/referrer.js

Eliminate regex and use string matcher

Co-authored-by: Linus Unnebäck <linus@folkdatorn.se>

Co-authored-by: Khang. Võ Vĩ <khangvv@vng.com.vn>
Co-authored-by: Linus Unnebäck <linus@folkdatorn.se>
Khang Vo (doublevkay) 2022-07-31 15:01:29 +07:00 committed by GitHub
parent e87b093fd6
commit 2880238729
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions


@ -119,7 +119,7 @@ export function isOriginPotentiallyTrustworthy(url) {
// 5. If origin's host component is "localhost" or falls within ".localhost", and the user agent conforms to the name resolution rules in [let-localhost-be-localhost], return "Potentially Trustworthy".
// We are returning FALSE here because we cannot ensure conformance to
// let-localhost-be-loalhost (https://tools.ietf.org/html/draft-west-let-localhost-be-localhost)
if (/^(.+\.)*localhost$/.test(url.host)) {
if (url.host === 'localhost' || url.host.endsWith('.localhost')) {
return false;
}
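Review bot: The rewritten `if` still tests `url.host`, which on a WHATWG `URL` carries any non-default port, so a host such as `localhost:3000` (constructed example) matches neither `=== 'localhost'` nor `endsWith('.localhost')`; the removed regex did not match it either. If `url` is a `URL` object here (its construction is not visible in the hunk), the port-free name fits step 5 better: `if (url.hostname === 'localhost' || url.hostname.endsWith('.localhost')) {`. The commit touches a single file, so nothing pins the linear-time behaviour; a regression test that passes a long non-matching host and checks the call returns promptly would keep a backtracking pattern from being reintroduced. The body of `isOriginPotentiallyTrustworthy` starts and ends outside the hunk, so how the later steps treat a host that falls through this check cannot be confirmed from here.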