From b88adf5e11338d8f84e8701e0e88189d1902ee88 Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Sun, 30 Jan 2022 21:41:16 +0000
Subject: [PATCH] Check that referer domain exists for nodeinfo
---
daemon.py | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/daemon.py b/daemon.py
index 36f005881..e90c8462e 100644
--- a/daemon.py
+++ b/daemon.py
@@ -1142,6 +1142,10 @@ class PubServer(BaseHTTPRequestHandler):
 return True
 if not self.path.startswith('/nodeinfo/2.0'):
 return False
+ if not referer_domain:
+ if not debug and not self.server.unit_test:
+ self._400()
+ return True
 if referer_domain == self.server.domain_full:
 self._400()
 return True
@@ -1151,7 +1155,7 @@ class PubServer(BaseHTTPRequestHandler):
 return True
 self.server.nodeinfo_is_active = True
 # is this a real website making the call ?
- if not debug and not self.server.unit_test:
+ if not debug and not self.server.unit_test and referer_domain:
 # Does calling_domain look like a domain?
 if ' ' in referer_domain or \
 ';' in referer_domain or \
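Review bot: The new `if not referer_domain:` guard rejects an empty value only when neither `debug` nor `self.server.unit_test` is set, so in those modes an empty referer falls through to the comparisons below, and nothing in the code says that is intended. A short comment above the guard would make the contract explicit, for example `# no referer: reject with 400, except in debug/unit-test runs where the check is skipped`. Since referer_domain presumably comes from a request header that the client controls, the comment could also note that this is an abuse filter and not an access control. The enclosing method starts and ends outside the hunk.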
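Review bot: The added `and referer_domain` makes the domain-shape validation fail open: if the value were ever empty here outside debug/unit-test mode, the checks for spaces and `;` would be skipped instead of the request being rejected. With the guard added in the first hunk an empty value already gets a 400 in that mode, so unless the lines between the two hunks (not shown) reassign it, the clause is redundant and the original `if not debug and not self.server.unit_test:` can stay. If it is kept as a safety net, a comment such as `# referer_domain is non-empty here; emptiness is rejected above` would say why. The body of this `if` continues past the end of the hunk.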