commit a15261b3b3015667fb6d5151391b2d28d05fc7c4 parent b2eea914e415179fbbce2201298508b5466cfd4b Author: Dan Stillman <dstillman@zotero.org> Date: Mon, 26 Jun 2017 19:01:57 -0400 Don't enforce Host header in translation server Fixes #1251 Fixes zotero/translation-server#48 Diffstat:
| M | chrome/content/zotero/xpcom/server.js | | | 12 | ++++++------ |
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/chrome/content/zotero/xpcom/server.js b/chrome/content/zotero/xpcom/server.js
@@ -250,12 +250,12 @@ Zotero.Server.DataListener.prototype._headerFinished = function() {
 var m = bookmarkletRe.exec(this.header);
 if(m) this.origin = "https://www.zotero.org";
 }
- }
-
- // Make sure the Host header is set to 127.0.0.1 to prevent DNS rebinding attacks
- if (!hostRe.exec(this.header)) {
- this._requestFinished(this._generateResponse(400, "text/plain", "Invalid Host header\n"));
- return;
+
+ // Make sure the Host header is set to localhost/127.0.0.1 to prevent DNS rebinding attacks
+ if (!hostRe.exec(this.header)) {
+ this._requestFinished(this._generateResponse(400, "text/plain", "Invalid Host header\n"));
+ return;
+ }
 }
 
 // get first line of request
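Review bot: After this move the Host check runs only inside the block that closes at the final context `}`, so the mode that falls outside that block (the translation server, going by the commit title) now accepts any Host value and has no DNS-rebinding defence left. The block's opening condition and the definition of `hostRe` are outside the hunk, so this is inferred from the title and the brace structure. If the server mode can be reached from a browser on the same host or network, consider checking Host there against a configurable list of expected names instead of dropping the check, or require a fronting proxy to validate it. At minimum the comment should state the new scope, e.g. `// Host is only checked in the client; in server mode the deployment must validate Host itself (DNS rebinding)`.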