mirror of https://github.com/xwiki-labs/cryptpad
remove trailing slashes from configured origins
in both the server and the example config file
This commit is contained in:
parent
c10a49145d
commit
3141d7add1
|
@ -54,7 +54,7 @@ module.exports = {
|
|||
* and it may have unintended consequences in practice.
|
||||
*
|
||||
*/
|
||||
httpUnsafeOrigin: 'http://localhost:3000/',
|
||||
httpUnsafeOrigin: 'http://localhost:3000',
|
||||
|
||||
/* httpSafeOrigin is the URL that is used for the 'sandbox' described above.
|
||||
* If you're testing or developing with CryptPad on your local machine then
|
||||
|
|
|
@ -16,15 +16,19 @@ var Env = require("./lib/env").create(config);
|
|||
|
||||
var app = Express();
|
||||
|
||||
var canonicalizeOrigin = function (s) {
|
||||
return (s || '').trim().replace(/\/+$/, '');
|
||||
};
|
||||
|
||||
(function () {
|
||||
// you absolutely must provide an 'httpUnsafeOrigin'
|
||||
if (typeof(config.httpUnsafeOrigin) !== 'string') {
|
||||
throw new Error("No 'httpUnsafeOrigin' provided");
|
||||
}
|
||||
|
||||
config.httpUnsafeOrigin = config.httpUnsafeOrigin.trim();
|
||||
config.httpUnsafeOrigin = canonicalizeOrigin(config.httpUnsafeOrigin);
|
||||
if (typeof(config.httpSafeOrigin) === 'string') {
|
||||
config.httpSafeOrigin = config.httpSafeOrigin.trim().replace(/\/$/, '');
|
||||
config.httpSafeOrigin = canonicalizeOrigin(config.httpSafeOrigin);
|
||||
}
|
||||
|
||||
// fall back to listening on a local address
|
||||
|
|
Loading…
Reference in New Issue