suzanne.soy/zotero
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Allow Zotero.Server requests with Host: localhost

Browse Source 
Previously only Host: 127.0.0.1 was allowed. (The check prevents a DNS
rebinding attack.)

This allows requests to translation-server using localhost
(zotero/translation-server#48).

Fixes #125
This commit is contained in:
Dan Stillman 2017-06-26 07:52:23 -04:00
parent df2216960b
commit 9372979fb5
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
chrome/content/zotero/xpcom/server.js
View File

@ -237,7 +237,7 @@ Zotero.Server.DataListener.prototype._headerFinished = function() {
Zotero.debug(this.header, 5); Zotero.debug(this.header, 5);
const methodRe = /^([A-Z]+) ([^ \r\n?]+)(\?[^ \r\n]+)?/; const methodRe = /^([A-Z]+) ([^ \r\n?]+)(\?[^ \r\n]+)?/;
const hostRe = /[\r\n]Host: *127\.0\.0\.1(:[0-9]+)?[\r\n]/i; const hostRe = /[\r\n]Host: *(localhost|127\.0\.0\.1)(:[0-9]+)?[\r\n]/i;
const contentTypeRe = /[\r\n]Content-Type: *([^ \r\n]+)/i; const contentTypeRe = /[\r\n]Content-Type: *([^ \r\n]+)/i;
if(!Zotero.isServer) { if(!Zotero.isServer) {