This commit is contained in:
ashley 2024-06-17 13:53:54 +00:00
parent 904d6e79b2
commit d06ac6a18e

View file

@ -73,6 +73,7 @@ const proxy = async (req, res) => {
return res.status(400).send("Malformed URL"); return res.status(400).send("Malformed URL");
} }
// Sanity check, to avoid being used as an open proxy
if (!URL_WHITELIST.includes(url.host)) { if (!URL_WHITELIST.includes(url.host)) {
console.log(`==> Refusing to proxy host ${url.host}`); console.log(`==> Refusing to proxy host ${url.host}`);
res.status(401).send(`Hostname '${url.host}' is not permitted`); res.status(401).send(`Hostname '${url.host}' is not permitted`);