Allow well-known

2024-08-03 19:30:54 +01:00 · 2024-08-03 19:30:54 +01:00 · 428900c9a0
parent 0aec071dea
commit 428900c9a0
1 changed files with 6 additions and 0 deletions
--- a/utils.py
+++ b/utils.py
@ -5510,6 +5510,12 @@ def check_bad_path(path: str):
    """for http GET or POST check that the path looks valid
    """
    path_lower = path.lower()
+
+    # allow /.well-known/...
+    if '/.' in path_lower and \
+       path_lower.startswith('/.well-known/'):
+        return False
+
    bad_strings = ('..', '/.', '%2e%2e', '%252e%252e')
    if string_contains(path_lower, bad_strings):
        print('WARN: bad path ' + path)