~emersion/soju-dev

This thread contains a patchset. You're looking at the original emails, but you may wish to use the patch review UI. Review patch
1

[PATCH] Match http-origin against src.Hostname instead of self

Details
Message ID
<20240418163539.394933-1-senan@senan.xyz>
DKIM signature
pass
Download raw message
Patch: +1 -1
it looks like for http-origin validation, path.Match() was matching a
pattern against itself. it looks to me like the validation should check
against srv.Hostname instead
---
 config/config.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config/config.go b/config/config.go
index 1d9122f..c50c5fb 100644
--- a/config/config.go
+++ b/config/config.go
@@ -220,7 +220,7 @@ func Load(filename string) (*Server, error) {
		srv.FileUpload = &FileUpload{driver, source}
	}
	for _, origin := range raw.HTTPOrigin {
		if _, err := path.Match(origin, origin); err != nil {
		if _, err := path.Match(origin, srv.Hostname); err != nil {
			return nil, fmt.Errorf("directive http-origin: %v", err)
		}
	}
-- 
2.44.0
Details
Message ID
<VaNYXfjJievj8GaI1zk7zcMSayduG70iTdtMXWshoYVy-zL2DXGB_icWZCrIEnkVH1F1hH0mM-PXBZiktqtLCvGSUyR6qV9be2Bx51Nte5E=@emersion.fr>
In-Reply-To
<20240418163539.394933-1-senan@senan.xyz> (view parent)
DKIM signature
pass
Download raw message
On Thursday, April 18th, 2024 at 18:35, sentriz <senan@senan.xyz> wrote:

> it looks like for http-origin validation, path.Match() was matching a
> pattern against itself. it looks to me like the validation should check
> against srv.Hostname instead

Hm, the goal here is to validate that the pattern is well-formed.
There is no requirement that the http-origin directive matches the
hostname.
Reply to thread Export thread (mbox)