aheh/mirotalk
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[mirotalk] - rb

Browse Source
This commit is contained in:
Miroslav Pejic
2025-02-10 20:46:01 +01:00
parent 2804cd7499
commit eb716eacf7
1 changed files with 5 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/src/server.js
+5 -15
View File
@@ -453,22 +453,12 @@ app.use((err, req, res, next) => {
});
return res.status(400).send({ status: 404, message: err.message }); // Bad request
}
// Remove multiple leading slashes & normalize path
let cleanPath = req.path.replace(/^\/+/, ''); // Removes all leading slashes
let query = req.url.slice(req.path.length);
// Prevent open redirect attacks by checking if the path is an external domain
if (/^([a-zA-Z0-9-]+\.)+[a-zA-Z]{2,}/.test(cleanPath)) {
return res.status(400).send('Bad Request: Potential Open Redirect Detected');
if (req.path.substr(-1) === '/' && req.path.length > 1) {
let query = req.url.slice(req.path.length);
res.redirect(301, req.path.slice(0, -1) + query);
} else {
next();
}
// If a trailing slash exists, redirect to a clean version
if (req.path.endsWith('/') && req.path.length > 1) {
return res.redirect(301, '/' + cleanPath + query);
}
next();
});
// OpenID Connect - Dynamically set baseURL based on incoming host and protocol