Enforce https before indieauth parsing. For #2492
This commit is contained in:
parent
87eeeffa1c
commit
3894f410d2
@ -74,6 +74,10 @@ func getAuthEndpointFromURL(urlstring string) (*url.URL, error) {
|
|||||||
return nil, errors.Wrap(err, "unable to parse URL")
|
return nil, errors.Wrap(err, "unable to parse URL")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if htmlDocScrapeURL.Scheme != "https" {
|
||||||
|
return nil, fmt.Errorf("url must be https")
|
||||||
|
}
|
||||||
|
|
||||||
r, err := http.Get(htmlDocScrapeURL.String()) // nolint:gosec
|
r, err := http.Get(htmlDocScrapeURL.String()) // nolint:gosec
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
|
Loading…
Reference in New Issue
Block a user