feat: add util.IsValidOrigin() to improve CORS filter (#3301)

* fix: CORS check issue

* fix: promote format

* fix: promote format

* fix: promote format

* fix: promote format

* Update application.go

* Update cors_filter.go

* Update validation.go

---------

Co-authored-by: Yang Luo <hsluoyz@qq.com>
DacongDA
2024-10-20 20:09:21 +08:00
committed by GitHub
parent 6fcdad2100
commit c0800b7fb3
3 changed files with 36 additions and 4 deletions


@ -17,6 +17,7 @@ package util
import (
"fmt"
"net/mail"
"net/url"
"regexp"
"strings"
@ -100,3 +101,21 @@ func GetCountryCode(prefix string, phone string) (string, error) {
func FilterField(field string) bool {
return ReFieldWhiteList.MatchString(field)
}
func IsValidOrigin(origin string) (bool, error) {
urlObj, err := url.Parse(origin)
if err != nil {
return false, err
}
if urlObj == nil {
return false, nil
}
originHostOnly := ""
if urlObj.Host != "" {
originHostOnly = fmt.Sprintf("%s://%s", urlObj.Scheme, urlObj.Hostname())
}
res := originHostOnly == "http://localhost" || originHostOnly == "https://localhost" || originHostOnly == "http://127.0.0.1" || originHostOnly == "http://casdoor-app" || strings.HasSuffix(originHostOnly, ".chromiumapp.org")
return res, nil
}
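Review bot: The last clause on the `res :=` line, `strings.HasSuffix(originHostOnly, ".chromiumapp.org")`, is matched against the `scheme://host` string, so it accepts every subdomain of chromiumapp.org under any scheme, including plain `http://`. If the allowance is meant for Chrome extension redirect origins, pin the scheme as well: `(urlObj.Scheme == "https" && strings.HasSuffix(urlObj.Hostname(), ".chromiumapp.org"))`. Because `Hostname()` drops the port, the localhost and 127.0.0.1 entries match on any port; that looks intentional but should be stated in a doc comment on the exported function, e.g. `// IsValidOrigin reports whether origin is one of the built-in trusted origins; the port is ignored.` The `urlObj == nil` branch appears unreachable, since `url.Parse` returns a non-nil URL whenever err is nil.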