nils/gluon
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1e4cf25eb4
gluon/package/gluon-web/luasrc/usr/lib/lua/gluon/web
History
Matthias Schiffer 1837b1e2b3 gluon-web: prohibit cross-origin POST 
As gluon-web uses standard multipart/form-data requests, browsers don't
enforce any cross-origin restrictions. To prevent malicious injection of
POST requests into the config mode, match the Origin header against the
Host header of the request.

(cherry picked from commit a83466be6e)
2022-02-03 17:08:07 +01:00
..
http gluon-web: prohibit cross-origin POST 2022-02-03 17:08:07 +01:00
cgi.lua gluon-web-*: replace nixio with luaposix 2018-07-17 20:08:16 +02:00
dispatcher.lua gluon-web: improve error handling of parse_message_body() 2022-02-03 17:08:07 +01:00
http.lua treewide: fix luacheck warnings 2019-06-16 22:51:53 +02:00
i18n.lua treewide: fix luacheck warnings 2019-06-16 22:51:53 +02:00
template.lua treewide: fix luacheck warnings 2019-06-16 22:51:53 +02:00
util.lua treewide: do not use Lua module() 2019-06-16 15:51:43 +02:00