Mercurial Hosting > luan
changeset 1743:792268dce5ec
http push security
| author | Franklin Schmidt <fschmidt@gmail.com> | 
|---|---|
| date | Wed, 09 Nov 2022 18:33:09 -0700 | 
| parents | d778f1f2598a | 
| children | db52c29605e2 | 
| files | src/luan/host/init.luan src/luan/modules/http/Http.luan | 
| diffstat | 2 files changed, 12 insertions(+), 2 deletions(-) [+] | 
line wrap: on
 line diff
--- a/src/luan/host/init.luan Tue Nov 08 09:32:46 2022 +0200 +++ b/src/luan/host/init.luan Wed Nov 09 18:33:09 2022 -0700 @@ -61,7 +61,7 @@ return u end -Http.domain = domain +Http.set_domain(domain) Hosted.is_hosted = true
--- a/src/luan/modules/http/Http.luan Tue Nov 08 09:32:46 2022 +0200 +++ b/src/luan/modules/http/Http.luan Wed Nov 09 18:33:09 2022 -0700 @@ -20,6 +20,7 @@ local String = require "luan:String.luan" local lower = String.lower or error() local trim = String.trim or error() +local regex = String.regex or error() local Time = require "luan:Time.luan" local time_format = Time.format or error() local Boot = require "luan:Boot.luan" @@ -205,6 +206,11 @@ end Http.domain = nil -- set in domain specific cases +local domain_regex = nil +function Http.set_domain(domain) + Http.domain = domain or error() + domain_regex = regex( [[^https?://]]..domain..[[(/|:)]] ) +end Http.is_serving = false @@ -212,6 +218,10 @@ return time_format(date,"EEE, dd MMM yyyy HH:mm:ss z","GMT") end -Http.push = ServerSentEvents.writeMessage -- ( url, message ) +local sse_push = ServerSentEvents.writeMessage +function Http.push( url, message ) + domain_regex==nil or domain_regex.matches(url) or error "can't push to another domain" + sse_push(url,message) +end return Http
