github/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2024-11-25 11:16:31 -05:00
Code Issues Projects Releases Packages Wiki Activity

fix: use joi uri validator in appConfig

Browse source 
validate HD_DOMAIN and HD_RENDERER_ORIGIN with the uri validator of Joi. This should prevent the problem described in #2150.

Fixes #2150

See also: https://joi.dev/api/#stringurioptions

Signed-off-by: Philip Molares <philip.molares@udo.edu>
This commit is contained in:
Philip Molares 2022-03-04 00:01:12 +01:00
parent 7e8716ec95
commit 0a778d8a64
1 changed files with 8 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
src/config/app.config.ts
View file

@ -17,8 +17,15 @@ export interface AppConfig {
} }
const schema = Joi.object({ const schema = Joi.object({
domain: Joi.string().label('HD_DOMAIN'), domain: Joi.string()
.uri({
scheme: /https?/,
})
.label('HD_DOMAIN'),
rendererOrigin: Joi.string() rendererOrigin: Joi.string()
.uri({
scheme: /https?/,
})
.default(Joi.ref('domain')) .default(Joi.ref('domain'))
.optional() .optional()
.label('HD_RENDERER_ORIGIN'), .label('HD_RENDERER_ORIGIN'),