thiagoelg commented on code in PR #3353:
URL: https://github.com/apache/incubator-kie-tools/pull/3353#discussion_r2575176471


##########
packages/cors-proxy/src/proxy/ExpressCorsProxy.ts:
##########
@@ -140,7 +141,18 @@ export class ExpressCorsProxy implements 
CorsProxy<Request, Response> {
   }
 
   private resolveRequestInfo(request: Request): ProxyRequestInfo {
+    const origin = request.header("origin");
     const targetUrl: string = (request.headers[CorsProxyHeaderKeys.TARGET_URL] 
as string) ?? request.url;
+    const parsedTargetUrl = new URL(targetUrl);
+
+    if (!this.args.allowHosts.some((pattern) => 
minimatch(parsedTargetUrl.hostname, pattern))) {
+      throw new Error(`The target URL in not allowed. Requested: 
${targetUrl}`);
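
Review bot: `new URL(targetUrl)` on the added line after the `targetUrl` assignment throws a TypeError for any value that is not an absolute URL, and the `?? request.url` fallback can be a relative path, so those requests fail with a generic parse error before the `allowHosts` check is reached. Catch the parse failure and reject it the same way as a disallowed host, so both cases take one deny path. The check also matches only `parsedTargetUrl.hostname`, which leaves scheme and port unrestricted; consider validating `parsedTargetUrl.protocol` alongside it. `origin` is declared at the top of the hunk but is not used in the lines shown.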

Review Comment:
   ```suggestion
         throw new Error(`The target URL is not allowed. Requested: 
${targetUrl}`);
   ```



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.