Skip to content

Commit

Permalink
fix: prevent upload bypass via uppercase path
Browse files Browse the repository at this point in the history
  • Loading branch information
NGPixel authored Jan 29, 2022
1 parent cab16ee commit 7b14b39
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion server/helpers/security.js
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ module.exports = {
token = req.cookies['jwt']
}
// Force uploads to use Auth headers
if (req.path === '/u') {
if (req.path.toLowerCase() === '/u') {
return null
}
return token
Expand Down

0 comments on commit 7b14b39

Please sign in to comment.