tolerate trailing slashes in httpSafeDomain

2020-04-03 10:37:23 -04:00
parent 3b05d24f10
commit 9fa93172cf
2 changed files with 6 additions and 12 deletions
--- a/server.js
+++ b/server.js
@@ -42,7 +42,8 @@ if (process.env.PACKAGE) {
        throw new Error("No 'httpUnsafeOrigin' provided");
    }

-    config.httpUnsafeOrigin = config.httpUnsafeOrigin.trim().replace(/\/$/, '');
+    config.httpUnsafeOrigin = config.httpUnsafeOrigin.trim();
+    config.httpSafeOrigin = config.httpSafeOrigin.trim().replace(/\/$/, '');

    // fall back to listening on a local address
    // if httpAddress is not a string
@@ -125,15 +126,12 @@ var setHeaders = (function () {
    if (Object.keys(headers).length) {
        return function (req, res) {
            const h = [
-                    /^\/+pad\/inner\.html.*/,
+                    /^\/pad\/inner\.html.*/,
                    /^\/common\/onlyoffice\/.*\/index\.html.*/,
-                    /^\/+(sheet|ooslide|oodoc)\/in.*\.html.*/,
+                    /^\/(sheet|ooslide|oodoc)\/inner\.html.*/,
                ].some((regex) => {
-                    if (regex.test('' + req.url)) {
-                        console.log('CSP MATCH: [%s] <= [%s]', regex, req.url);
-                        return true;
-                    }
-                }) ? padHeaders: headers;
+                    return regex.test(req.url);
+                }) ? padHeaders : headers;
            for (let header in h) { res.setHeader(header, h[header]); }
        };
    }