mirror of
				https://github.com/therootcompany/greenlock.js.git
				synced 2024-11-16 17:29:00 +00:00 
			
		
		
		
	v2.3.10: add utility fn for sanitizing hostnames, reduce buzzwords, drop old deps
This commit is contained in:
		
							parent
							
								
									20e8d09219
								
							
						
					
					
						commit
						282f748e77
					
				
							
								
								
									
										29
									
								
								index.js
									
									
									
									
									
								
							
							
						
						
									
										29
									
								
								index.js
									
									
									
									
									
								
							| @ -481,5 +481,34 @@ Greenlock.create = function (gl) { | ||||
|     gl.middleware = gl.middleware.create(gl); | ||||
|   } | ||||
| 
 | ||||
|   //var SERVERNAME_RE = /^[a-z0-9\.\-_]+$/;
 | ||||
|   var SERVERNAME_G = /[^a-z0-9\.\-_]/; | ||||
|   gl.middleware.sanitizeHost = function (req, res, next) { | ||||
|     // Get the host:port combo, if it exists
 | ||||
|     var host = (req.headers.host||'').split(':'); | ||||
| 
 | ||||
|     // if not, move along
 | ||||
|     if (!host[0]) { next(req, res); return; } | ||||
| 
 | ||||
|     // if so, remove non-allowed characters
 | ||||
|     var safehost = host[0].replace(SERVERNAME_G, ''); | ||||
| 
 | ||||
|     // if there were unallowed characters, complain
 | ||||
|     if (!gl.__sni_allow_dangerous_name && safehost.length !== host[0].length) { | ||||
|       res.statusCode = 400; | ||||
|       res.end("Malformed HTTP Header: 'Host: " + host[0] + "'"); | ||||
|       return; | ||||
|     } | ||||
| 
 | ||||
|     // make lowercase
 | ||||
|     if (!gl.__sni_preserve_case) { | ||||
|       host[0] = host[0].toLowerCase(); | ||||
|       req.headers.host = host.join(':'); | ||||
|     } | ||||
| 
 | ||||
|     // carry on
 | ||||
|     next(req, res); | ||||
|   }; | ||||
| 
 | ||||
|   return gl; | ||||
| }; | ||||
|  | ||||
							
								
								
									
										22
									
								
								package.json
									
									
									
									
									
								
							
							
						
						
									
										22
									
								
								package.json
									
									
									
									
									
								
							| @ -1,6 +1,6 @@ | ||||
| { | ||||
|   "name": "greenlock", | ||||
|   "version": "2.3.9", | ||||
|   "version": "2.3.10", | ||||
|   "description": "Let's Encrypt for node.js on npm", | ||||
|   "main": "index.js", | ||||
|   "files": [ | ||||
| @ -18,25 +18,12 @@ | ||||
|     "letsencrypt", | ||||
|     "ACME", | ||||
|     "v2", | ||||
|     "v02", | ||||
|     "draft-11", | ||||
|     "draft-12", | ||||
|     "auto-sni", | ||||
|     "draft", | ||||
|     "11", | ||||
|     "12", | ||||
|     "Free SSL", | ||||
|     "Automated HTTPS", | ||||
|     "tls", | ||||
|     "https", | ||||
|     "Greenlock", | ||||
|     "letsencrypt.org", | ||||
|     "le", | ||||
|     "le.js", | ||||
|     "node", | ||||
|     "nodejs", | ||||
|     "node.js", | ||||
|     "client" | ||||
|     "Greenlock" | ||||
|   ], | ||||
|   "author": "AJ ONeal <coolaj86@gmail.com> (https://coolaj86.com/)", | ||||
|   "license": "(MIT OR Apache-2.0)", | ||||
| @ -55,13 +42,10 @@ | ||||
|   "dependencies": { | ||||
|     "acme": "^1.0.6", | ||||
|     "acme-v2": "^1.2.0", | ||||
|     "asn1js": "^1.2.12", | ||||
|     "certpem": "^1.0.0", | ||||
|     "certpem": "^1.1.0", | ||||
|     "le-challenge-fs": "^2.0.2", | ||||
|     "le-sni-auto": "^2.1.3", | ||||
|     "le-store-certbot": "^2.1.7", | ||||
|     "node.extend": "^1.1.5", | ||||
|     "pkijs": "^1.3.27", | ||||
|     "rsa-compat": "^1.5.0" | ||||
|   }, | ||||
|   "engines": { | ||||
|  | ||||
		Loading…
	
	
			
			x
			
			
		
	
		Reference in New Issue
	
	Block a user