Mirrors/cobalt
1
0
Fork 0
mirror of https://github.com/wukko/cobalt.git synced 2025-06-12 13:17:45 +02:00
Code Issues Packages Projects Releases Wiki Activity

api/core: limit authorization header length

Browse Source
This commit is contained in:
wukko
2024-08-17 00:13:26 +06:00
parent a49a87544c
commit c54294601b
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
api/src/core/api.js
View File

@ -157,7 +157,7 @@ export function runAPI(express, app, __dirname) {
return fail("error.api.auth.jwt.missing");
}
if (!authorization.startsWith("Bearer ")) {
if (!authorization.startsWith("Bearer ") || authorization.length > 256) {
return fail("error.api.auth.jwt.invalid");
}