Navy.gif/owncast
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Enforce https before indieauth parsing. For #2492

Browse Source
This commit is contained in:
Gabe Kangas 2022-12-23 20:50:12 -08:00
parent 87eeeffa1c
commit 3894f410d2
No known key found for this signature in database
GPG Key ID: 4345B2060657F330
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
auth/indieauth/helpers.go
View File

@ -74,6 +74,10 @@ func getAuthEndpointFromURL(urlstring string) (*url.URL, error) {
return nil, errors.Wrap(err, "unable to parse URL")
}
if htmlDocScrapeURL.Scheme != "https" {
return nil, fmt.Errorf("url must be https")
}
r, err := http.Get(htmlDocScrapeURL.String()) // nolint:gosec
if err != nil {
return nil, err