pimhwang
/
owncast
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

Enforce https before indieauth parsing. For #2492

pull/2473/head
Gabe Kangas 3 years ago
parent
87eeeffa1c
commit
3894f410d2
No known key found for this signature in database
GPG Key ID: 4345B2060657F330
1 changed files with 4 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 4
      auth/indieauth/helpers.go

4
auth/indieauth/helpers.go
Unescape View File

@ -74,6 +74,10 @@ func getAuthEndpointFromURL(urlstring string) (*url.URL, error) { @@ -74,6 +74,10 @@ func getAuthEndpointFromURL(urlstring string) (*url.URL, error) {
return nil, errors.Wrap(err, "unable to parse URL")
}
if htmlDocScrapeURL.Scheme != "https" {
return nil, fmt.Errorf("url must be https")
}
r, err := http.Get(htmlDocScrapeURL.String()) // nolint:gosec
if err != nil {
return nil, err

Write Preview
Loading…
Cancel
Save