squidy/qBittorrent
1
0
Fork 0
mirror of https://github.com/qbittorrent/qBittorrent.git synced 2025-12-17 14:08:03 -06:00
Code Issues Packages Projects Releases Wiki Activity

Add option for WebUI Host header validation

Browse Source 
Closes #9743.
This commit is contained in:
Chocobo1
2018-11-16 13:41:27 +08:00
parent 39ee27785c
commit 344e47dcfb
8 changed files with 67 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/webui/webapplication.cpp
View File

@@ -452,6 +452,7 @@ void WebApplication::configure()
m_isClickjackingProtectionEnabled = pref->isWebUiClickjackingProtectionEnabled();
m_isCSRFProtectionEnabled = pref->isWebUiCSRFProtectionEnabled();
m_isHostHeaderValidationEnabled = pref->isWebUIHostHeaderValidationEnabled();
m_isHttpsEnabled = pref->isWebUiHttpsEnabled();
}
@@ -542,7 +543,7 @@ Http::Response WebApplication::processRequest(const Http::Request &request, cons
try {
// block suspicious requests
if ((m_isCSRFProtectionEnabled && isCrossSiteRequest(m_request))
|| !validateHostHeader(m_domainList)) {
|| (m_isHostHeaderValidationEnabled && !validateHostHeader(m_domainList))) {
throw UnauthorizedHTTPError();
}