Fix permitted url checker

2023-04-05 20:24:46 +02:00 · 2023-04-05 20:24:46 +02:00 · 681357759e
parent 5ff4726f43
commit 681357759e
1 changed files with 1 additions and 1 deletions
--- a/Controllers/CookieProxyController.cs
+++ b/Controllers/CookieProxyController.cs
@ -12,7 +12,7 @@ public class CookieProxyController : Controller {
 	[Route("/api/cookieproxy_stage_one")]
 	public IActionResult StageOne([FromQuery] string tgt) {
 		// Check if we are on the correct domain
-		if (Request.Host.Host != $"{Vars.AuthProxySubdomain}.{Vars.UpstreamPrimaryDomain}")
+		if (Request.Host.Host != $"{Vars.AuthProxySubdomain}.{Vars.UpstreamPrimaryDomain}" && Vars.PermittedDomains.All(p => Request.Host.Host != $"{Vars.AuthProxySubdomain}.{p}"))
 			return StatusCode(StatusCodes.Status421MisdirectedRequest);

 		var dstDomain = AuthHelpers.GetRootDomain(tgt);