[moqui/moqui-framework] c37329: In MoquiServlet change approach for validating Ori...

1 view
Skip to first unread message

David E. Jones

Aug 9, 2021, 3:59:10 PM8/9/21
to mo...@googlegroups.com
Branch: refs/heads/master
Home: https://github.com/moqui/moqui-framework
Commit: c3732952a22dbd77af66b5998873aff3a64a1db6
Author: David E Jones <d...@dejc.com>
Date: 2021-08-09 (Mon, 09 Aug 2021)

Changed paths:
M framework/src/main/groovy/org/moqui/impl/webapp/MoquiServlet.groovy

Log Message:
In MoquiServlet change approach for validating Origin header using webapp_allow_origins setting, compare by dot-separate segment instead of ends-with as a fallback that could be bypassed using a custom domain name with a prefix on an allowed one

Reply all
Reply to author
0 new messages