From 681357759efb593c483913eedad593ea32677164 Mon Sep 17 00:00:00 2001
From: Laura Hausmann
Date: Wed, 5 Apr 2023 20:24:46 +0200
Subject: [PATCH] Fix permitted url checker
---
 Controllers/CookieProxyController.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Controllers/CookieProxyController.cs b/Controllers/CookieProxyController.cs
index 4ae86e3..5bf2b9f 100644
--- a/Controllers/CookieProxyController.cs
+++ b/Controllers/CookieProxyController.cs
@@ -12,7 +12,7 @@ public class CookieProxyController : Controller {
 [Route("/api/cookieproxy_stage_one")]
 public IActionResult StageOne([FromQuery] string tgt) {
 // Check if we are on the correct domain
- if (Request.Host.Host != $"{Vars.AuthProxySubdomain}.{Vars.UpstreamPrimaryDomain}")
+ if (Request.Host.Host != $"{Vars.AuthProxySubdomain}.{Vars.UpstreamPrimaryDomain}" && Vars.PermittedDomains.All(p => Request.Host.Host != $"{Vars.AuthProxySubdomain}.{p}"))
 return StatusCode(StatusCodes.Status421MisdirectedRequest);
 var dstDomain = AuthHelpers.GetRootDomain(tgt);
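Review bot: The host allowlist in the new `if` compares `Request.Host.Host` with the case-sensitive `!=` operator, spread over two negated clauses joined by `&&`, a shape that is easy to invert by mistake in a security check. Host names are case-insensitive, so a request whose Host header differs only in letter case from a permitted name is answered with 421; that fails closed, but it is presumably not intended. I would fold both clauses into one positive test, `var allowed = Vars.PermittedDomains.Append(Vars.UpstreamPrimaryDomain).Any(d => string.Equals(Request.Host.Host, $"{Vars.AuthProxySubdomain}.{d}", StringComparison.OrdinalIgnoreCase));` followed by `if (!allowed) return StatusCode(StatusCodes.Status421MisdirectedRequest);`, and extend the comment to `// Fail closed: only the auth-proxy host of the primary or a permitted domain may serve this endpoint`. StageOne's body continues past the end of the hunk, so how `tgt` is validated after `GetRootDomain` is not visible here.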