Fix the host checks to only check against hostname.

Fixes https://github.com/etesync/etesync-web/issues/183
As discussed in #66
Continuation of 843b59a0ac.
Tom Hacohen 2020-11-20 18:11:35 +02:00
parent 49da4ea666
commit d893d35c6f


@ -708,7 +708,7 @@ class AuthenticationViewSet(viewsets.ViewSet):
elif challenge_data["userId"] != user.id:
content = {"code": "wrong_user", "detail": "This challenge is for the wrong user"}
return Response(content, status=status.HTTP_400_BAD_REQUEST)
elif not settings.DEBUG and host.split(":", 1)[0] != request.get_host():
elif not settings.DEBUG and host.split(':', 1)[0] != request.get_host().split(':', 1)[0]:
detail = 'Found wrong host name. Got: "{}" expected: "{}"'.format(host, request.get_host())
content = {"code": "wrong_host", "detail": detail}
return Response(content, status=status.HTTP_400_BAD_REQUEST)
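Review bot: Splitting on the first `:` in the new condition mishandles bracketed IPv6 literals: for a host such as `[::1]:8000` both `host.split(':', 1)[0]` and `request.get_host().split(':', 1)[0]` evaluate to `[`, so any two IPv6-literal hosts compare equal and the `wrong_host` check no longer distinguishes them. The comparison is also case-sensitive, which can reject a legitimate client that sends the same name in a different case. Django's `split_domain_port` from `django.http.request` handles the brackets and lowercases the domain, so the condition could read `elif not settings.DEBUG and split_domain_port(host)[0] != split_domain_port(request.get_host())[0]:`; it returns an empty domain for a malformed value, so confirm that an empty result on the client-supplied side is still rejected. The enclosing method starts and ends outside this hunk, so where `host` is taken from is not visible here.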