remove trailing slashes from configured origins

in both the server and the example config file
4 years ago · 3141d7add1
parent c10a49145d
commit 3141d7add1
2 changed files with 7 additions and 3 deletions
--- a/config/config.example.js
+++ b/config/config.example.js
@ -54,7 +54,7 @@ module.exports = {
 *  and it may have unintended consequences in practice.
 *
 */
-    httpUnsafeOrigin: 'http://localhost:3000/',
+    httpUnsafeOrigin: 'http://localhost:3000',

 /*  httpSafeOrigin is the URL that is used for the 'sandbox' described above.
 *  If you're testing or developing with CryptPad on your local machine then
--- a/server.js
+++ b/server.js
@ -16,15 +16,19 @@ var Env = require("./lib/env").create(config);

 var app = Express();

+var canonicalizeOrigin = function (s) {
+    return (s || '').trim().replace(/\/+$/, '');
+};
+
 (function () {
    // you absolutely must provide an 'httpUnsafeOrigin'
    if (typeof(config.httpUnsafeOrigin) !== 'string') {
        throw new Error("No 'httpUnsafeOrigin' provided");
    }

-    config.httpUnsafeOrigin = config.httpUnsafeOrigin.trim();
+    config.httpUnsafeOrigin = canonicalizeOrigin(config.httpUnsafeOrigin);
    if (typeof(config.httpSafeOrigin) === 'string') {
-        config.httpSafeOrigin = config.httpSafeOrigin.trim().replace(/\/$/, '');
+        config.httpSafeOrigin = canonicalizeOrigin(config.httpSafeOrigin);
    }

    // fall back to listening on a local address