gluon/package/gluon-web/luasrc
Matthias Schiffer a83466be6e gluon-web: prohibit cross-origin POST
As gluon-web uses standard multipart/form-data requests, browsers don't
enforce any cross-origin restrictions. To prevent malicious injection of
POST requests into the config mode, match the Origin header against the
Host header of the request.
2022-02-01 23:27:38 +01:00
..
usr/lib/lua/gluon/web gluon-web: prohibit cross-origin POST 2022-02-01 23:27:38 +01:00