Fix hardened security checks
This commit is contained in:
parent
b280eeba23
commit
627cd44d14
|
@ -12,7 +12,7 @@ public class CookieProxyController : Controller {
|
|||
[Route("/api/cookieproxy_stage_one")]
|
||||
public IActionResult StageOne([FromQuery] string dstDomain, [FromQuery] string tgt) {
|
||||
// Check if we are on the correct domain
|
||||
if (Request.Host.Host != Vars.AuthProxySubdomain + Vars.UpstreamPrimaryDomain)
|
||||
if (Request.Host.Host != Vars.AuthProxySubdomain + "." + Vars.UpstreamPrimaryDomain)
|
||||
return StatusCode(StatusCodes.Status421MisdirectedRequest);
|
||||
|
||||
if (!Request.Cookies.ContainsKey("authelia_session")
|
||||
|
|
Loading…
Reference in a new issue