Infrastructure/ghost
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2025-02-03 23:00:14 -05:00
Code Issues Activity
ghost/core/server/services/auth/session
History
Fabien 'egg' O'Carroll 244704156c
Updated all Origin header checks to handle 'null' (#12246) 
closes #12244

As per RFC 6454 the Origin header MUST be set to the string 'null' when
in a "privacy-sensitive" context. We were not handling this string and
this was causing errors. This commit updates all checks of the 'Origin'
header to treat the value 'null' as if the header was not present.

ref: https://tools.ietf.org/html/rfc6454#section-7.3
2020-10-01 09:37:22 +01:00
..
express-session.js Replaced constants file with @tryghost/constants 2020-08-11 12:51:16 +01:00
index.js Updated all Origin header checks to handle 'null' (#12246) 2020-10-01 09:37:22 +01:00
middleware.js
store.js