matty/peertube-plugin-livechat
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Chat Federation, avoid spoofing:

Browse Source 
When sanitizing remote informations, we check that urls and hosts are on
the correct domain or subdomain.
This commit is contained in:
John Livingston
2023-05-31 16:19:45 +02:00
parent 4faf8a3aea
commit 743c4eabd9
4 changed files with 99 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
server/lib/federation/fetch-infos.ts
View File

@ -80,7 +80,7 @@ async function fetchMissingRemoteServerInfos (
return
}
const serverInfos = sanitizePeertubeLiveChatServerInfos(options, response)
const serverInfos = sanitizePeertubeLiveChatServerInfos(options, response, remoteInstanceUrl)
if (serverInfos) {
await storeRemoteServerInfos(options, serverInfos)
}