Enforce https before indieauth parsing. For #2492

Gabe Kangas 2022-12-23 20:50:12 -08:00
parent 87eeeffa1c
commit 3894f410d2
No known key found for this signature in database
GPG key ID: 4345B2060657F330


@ -74,6 +74,10 @@ func getAuthEndpointFromURL(urlstring string) (*url.URL, error) {
return nil, errors.Wrap(err, "unable to parse URL")
}
if htmlDocScrapeURL.Scheme != "https" {
return nil, fmt.Errorf("url must be https")
}
r, err := http.Get(htmlDocScrapeURL.String()) // nolint:gosec
if err != nil {
return nil, err
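Review bot: The new scheme check validates only the URL the caller supplied, but the `http.Get` on the next line uses the default client, which follows redirects and has no timeout. An https page can therefore still redirect the fetch to a plain-http target, so the https guarantee does not hold for the document that is actually parsed. A dedicated client whose `CheckRedirect` re-applies the same scheme rule on every hop, with a `Timeout` set, would close that gap; the sketch below needs `time` imported and uses a constructed timeout value. The `// nolint:gosec` would then deserve a short comment stating which validation justifies the suppression. getAuthEndpointFromURL begins and continues outside this hunk, so whether the host is restricted elsewhere cannot be seen from here.

```go
// … unchanged: URL parsing and https scheme check …
client := &http.Client{
	Timeout: 10 * time.Second, // constructed value; choose per project policy
	CheckRedirect: func(req *http.Request, via []*http.Request) error {
		// Keep the default client's redirect cap, which a custom CheckRedirect replaces.
		if len(via) >= 10 {
			return errors.New("stopped after 10 redirects")
		}
		if req.URL.Scheme != "https" {
			return errors.New("redirect target must be https")
		}
		return nil
	},
}
r, err := client.Get(htmlDocScrapeURL.String())
// … unchanged: error handling …
```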