Added max length > 255 chars check for custom origin path
magnetikonline committed Apr 20, 2024
1 parent 4748e6a commit 6dc348e
Showing 2 changed files with 10 additions and 0 deletions.
4 changes: 4 additions & 0 deletions lib.js
@@ -514,6 +514,10 @@ function payloadVerifyRequestOrigin(payload) {
throw new Error(`payload property [origin.custom.path] must be empty or begin, but not end with forward slash - got [${custom.path}]`);
}

if (custom.path.length > 255) {
throw new Error(`payload property [origin.custom.path] length must not exceed 255 characters - got [${custom.path}]`);
}

// ensure `origin.custom.port` is within bounds
if (
(custom.port !== 80) &&
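Review bot: The error message at the new `custom.path.length > 255` check interpolates the whole `custom.path`, which on this branch is by definition longer than 255 characters and has no upper bound, so an oversized value is copied verbatim into the exception text and into any log that records it. Reporting the size keeps the message bounded: end the message with `- got length [${custom.path.length}]` instead of `- got [${custom.path}]`. Note also that `.length` counts UTF-16 code units, so a path containing characters outside the BMP reaches the limit sooner than a count of characters would suggest; a comment such as `// length is measured in UTF-16 code units` would make that explicit. The body of payloadVerifyRequestOrigin starts and continues outside the hunk.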
6 changes: 6 additions & 0 deletions test/main-payloadverify.test.js
@@ -592,6 +592,12 @@ function testPayloadVerifyRequestOrigin(inst) {
}));
});

assert.throws(function() {
callVerify(makePayloadWithOriginCustom(function(payload) {
payload.origin.custom.path = '/path/too/long'.repeat(20);
}));
});

assert.throws(function() {
callVerify(makePayloadWithOriginCustom(function(payload) {
delete payload.origin.custom.port;
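Review bot: The added `assert.throws` takes no error matcher, so it passes on any exception raised by `callVerify`, including the earlier slash-format check, and does not prove that the new length guard is what fired; a second argument such as `/must not exceed 255 characters/` would tie it to the guard. The input `'/path/too/long'.repeat(20)` is 280 characters, well past the limit, so an off-by-one in the comparison would go unnoticed. Boundary cases would pin the limit: `'/' + 'a'.repeat(255)` (256 characters) must throw and `'/' + 'a'.repeat(254)` (255 characters) must be accepted. testPayloadVerifyRequestOrigin starts and continues outside the hunk.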
