Mirrors/cobalt
1
0
Fork 0
mirror of https://github.com/wukko/cobalt.git synced 2025-06-13 05:37:44 +02:00
Code Issues Packages Projects Releases Wiki Activity

api/core: limit authorization header length

Browse Source
This commit is contained in:
wukko
2024-08-17 00:13:26 +06:00
parent a49a87544c
commit c54294601b
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
api/src/core/api.js
View File

@ -157,7 +157,7 @@ export function runAPI(express, app, __dirname) {
return fail("error.api.auth.jwt.missing"); return fail("error.api.auth.jwt.missing");
} }
if (!authorization.startsWith("Bearer ")) { if (!authorization.startsWith("Bearer ") || authorization.length > 256) {
return fail("error.api.auth.jwt.invalid"); return fail("error.api.auth.jwt.invalid");
} }