Commit Graph

7 Commits

Author SHA1 Message Date
Stefan Weil
be7e22ddc2 Fix some typos (found by codespell)
Signed-off-by: Stefan Weil <sw@weilnetz.de>
2023-01-10 19:07:51 +01:00
Matthias Schiffer
a83466be6e gluon-web: prohibit cross-origin POST
As gluon-web uses standard multipart/form-data requests, browsers don't
enforce any cross-origin restrictions. To prevent malicious injection of
POST requests into the config mode, match the Origin header against the
Host header of the request.
2022-02-01 23:27:38 +01:00
Matthias Schiffer
f3960eeb47 gluon-web: improve error handling of parse_message_body()
Actually raise an error and turn it into an HTTP 400 return code when
something goes wrong, rather than ignoring the error.

We also improve the conditions under which errors are thrown before
pump() is called: We don't need to check for the multipart/form-data
content-type twice, and a POST without this content-type is now always
an error.
2022-02-01 23:27:38 +01:00
bobcanthelpyou
4249d65af7 treewide: fix luacheck warnings 2019-06-16 22:51:53 +02:00
Matthias Schiffer
da45bd5987
treewide: do not use Lua module() 2019-06-16 15:51:43 +02:00
bobcanthelpyou
3b55cbc1f3 gluon-web: fix typos 2019-03-18 21:49:54 +01:00
Matthias Schiffer
e4b74be506
gluon-web: add package
The gluon-web package is basically a stripped-down and refactored version
of the LuCI base.
2017-02-22 01:30:58 +01:00