Skip to content

Commit 7b14b39

Browse files
NGPixelNGPixel
authoredJan 29, 2022
fix: prevent upload bypass via uppercase path
1 parent cab16ee commit 7b14b39

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed
 

‎server/helpers/security.js

+1-1
Original file line numberDiff line numberDiff line change
@@ -32,7 +32,7 @@ module.exports = {
3232
token = req.cookies['jwt']
3333
}
3434
// Force uploads to use Auth headers
35-
if (req.path === '/u') {
35+
if (req.path.toLowerCase() === '/u') {
3636
return null
3737
}
3838
return token

0 commit comments

Comments
 (0)