svrjs/svrjs-shortener
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Activity Actions

Added referrer security

Browse source
This commit is contained in:
Dorian Niemiec 2024-05-12 18:45:13 +02:00
parent 0315e0222a
commit 5da867a2fb
1 changed files with 12 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
backend/serverSideScript.js
View file

@ -99,6 +99,17 @@ if (href.match(/^\/admin\/?$/)) {
}); });
return; return;
} }
var baseURL = (req.socket.encrypted ? "https" : "http") + "://" + (req.headers.host ? req.headers.host : req.socket.localAddress);
if(req.headers.referer && (req.headers.referer + "/").substring(0,baseURL.length + 1) != (baseURL + "/")) {
formatTemplate("index.html", {
"url": "",
"shorturl": "<b>CSRF detected</b>"
}, function(data) {
res.writeHead(400, {"Content-Type": "text/html; charset=utf-8"});
res.end(data);
});
return;
}
var postdata = ""; var postdata = "";
req.on("data", function(data) {postdata += data.toString();}); req.on("data", function(data) {postdata += data.toString();});
req.on("end", function() { req.on("end", function() {
@ -123,7 +134,7 @@ if (href.match(/^\/admin\/?$/)) {
return; return;
} else { } else {
function finalizeResponse(uri, id) { function finalizeResponse(uri, id) {
var shorturl = (req.socket.encrypted ? "https" : "http") + "://" + (req.headers.host ? req.headers.host : req.socket.localAddress) + "/" + id; var shorturl = baseURL + "/" + id;
formatTemplate("index.html", { formatTemplate("index.html", {
"url": antiXSS(uri), "url": antiXSS(uri),
"shorturl": "<p>Shortened URL: <b><a href=\"" + antiXSS(shorturl) + "\" target=\"_blank\">" + antiXSS(shorturl) + "</a></b>" "shorturl": "<p>Shortened URL: <b><a href=\"" + antiXSS(shorturl) + "\" target=\"_blank\">" + antiXSS(shorturl) + "</a></b>"