Add option for WebUI Host header validation

Closes #9743.
Chocobo1 2018-11-16 13:41:27 +08:00
parent 39ee27785c
commit 344e47dcfb
No known key found for this signature in database
GPG key ID: 210D9C873253A68C
8 changed files with 67 additions and 23 deletions


@ -452,6 +452,7 @@ void WebApplication::configure()
m_isClickjackingProtectionEnabled = pref->isWebUiClickjackingProtectionEnabled();
m_isCSRFProtectionEnabled = pref->isWebUiCSRFProtectionEnabled();
m_isHostHeaderValidationEnabled = pref->isWebUIHostHeaderValidationEnabled();
m_isHttpsEnabled = pref->isWebUiHttpsEnabled();
}
@ -542,7 +543,7 @@ Http::Response WebApplication::processRequest(const Http::Request &request, cons
try {
// block suspicious requests
if ((m_isCSRFProtectionEnabled && isCrossSiteRequest(m_request))
|| !validateHostHeader(m_domainList)) {
|| (m_isHostHeaderValidationEnabled && !validateHostHeader(m_domainList))) {
throw UnauthorizedHTTPError();
}
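Review bot: When `m_isHostHeaderValidationEnabled` is false, the condition in `processRequest` short-circuits and `validateHostHeader(m_domainList)` is never called, yet nothing in the new code says that this check is the WebUI's defence against DNS rebinding. I would add a comment above the condition such as `// Host header validation defends against DNS rebinding; only disable it when a fronting proxy enforces the Host value`, and confirm that the preference read in `configure()` defaults to enabled, since the default is not visible in this section. If `isCrossSiteRequest` compares Origin/Referer against the request's own Host header (its body is not shown here), the CSRF check alone would not reject a rebound request, which is worth stating in the option's description. Logging the disabled state once in `configure()` would also let an operator see the weaker setting after the fact. The body of `processRequest` continues outside the hunk.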