Fix the host checks to only check against hostname.
Fixes https://github.com/etesync/etesync-web/issues/183
As discussed in #66
Continuation of 843b59a0ac
.
This commit is contained in:
parent
49da4ea666
commit
d893d35c6f
@ -708,7 +708,7 @@ class AuthenticationViewSet(viewsets.ViewSet):
|
||||
elif challenge_data["userId"] != user.id:
|
||||
content = {"code": "wrong_user", "detail": "This challenge is for the wrong user"}
|
||||
return Response(content, status=status.HTTP_400_BAD_REQUEST)
|
||||
elif not settings.DEBUG and host.split(":", 1)[0] != request.get_host():
|
||||
elif not settings.DEBUG and host.split(':', 1)[0] != request.get_host().split(':', 1)[0]:
|
||||
detail = 'Found wrong host name. Got: "{}" expected: "{}"'.format(host, request.get_host())
|
||||
content = {"code": "wrong_host", "detail": detail}
|
||||
return Response(content, status=status.HTTP_400_BAD_REQUEST)
|
||||
|
Loading…
Reference in New Issue
Block a user