From 3141d7add18b4782891a615665062a19e15c78f1 Mon Sep 17 00:00:00 2001 From: ansuz Date: Mon, 22 Mar 2021 14:12:14 +0530 Subject: [PATCH] remove trailing slashes from configured origins in both the server and the example config file --- config/config.example.js | 2 +- server.js | 8 ++++++-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/config/config.example.js b/config/config.example.js index 855a848e3..37fd5ada9 100644 --- a/config/config.example.js +++ b/config/config.example.js @@ -54,7 +54,7 @@ module.exports = { * and it may have unintended consequences in practice. * */ - httpUnsafeOrigin: 'http://localhost:3000/', + httpUnsafeOrigin: 'http://localhost:3000', /* httpSafeOrigin is the URL that is used for the 'sandbox' described above. * If you're testing or developing with CryptPad on your local machine then diff --git a/server.js b/server.js index f3ee71d0b..d2df3bba6 100644 --- a/server.js +++ b/server.js @@ -16,15 +16,19 @@ var Env = require("./lib/env").create(config); var app = Express(); +var canonicalizeOrigin = function (s) { + return (s || '').trim().replace(/\/+$/, ''); +}; + (function () { // you absolutely must provide an 'httpUnsafeOrigin' if (typeof(config.httpUnsafeOrigin) !== 'string') { throw new Error("No 'httpUnsafeOrigin' provided"); } - config.httpUnsafeOrigin = config.httpUnsafeOrigin.trim(); + config.httpUnsafeOrigin = canonicalizeOrigin(config.httpUnsafeOrigin); if (typeof(config.httpSafeOrigin) === 'string') { - config.httpSafeOrigin = config.httpSafeOrigin.trim().replace(/\/$/, ''); + config.httpSafeOrigin = canonicalizeOrigin(config.httpSafeOrigin); } // fall back to listening on a local address