mirrors/cobalt
1
0
Fork 0
mirror of https://github.com/imputnet/cobalt.git synced 2025-06-28 09:28:29 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

api/core: limit authorization header length

Browse Source
This commit is contained in:
wukko 2024-08-17 00:13:26 +06:00
parent a49a87544c
commit c54294601b
No known key found for this signature in database
GPG Key ID: 3E30B3F26C7B4AA2
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
api/src/core/api.js
View File

@ -157,7 +157,7 @@ export function runAPI(express, app, __dirname) {
return fail("error.api.auth.jwt.missing");
}
if (!authorization.startsWith("Bearer ")) {
if (!authorization.startsWith("Bearer ") || authorization.length > 256) {
return fail("error.api.auth.jwt.invalid");
}