mirrors/gotosocial
1
0
Fork 0
mirror of https://github.com/superseriousbusiness/gotosocial.git synced 2025-12-29 22:36:14 -06:00
Code Issues Projects Releases Packages Wiki Activity Actions

Disallow cleartext HTTP for Web Push servers

Browse source
This commit is contained in:
Vyr Cossont 2025-01-19 16:23:11 -08:00
commit b0d0f8c0c6
1 changed files with 1 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

3
internal/api/client/push/pushsubscriptionpost.go
View file

@ -225,8 +225,7 @@ func validateNormalizeCreate(request *apimodel.WebPushSubscriptionCreateRequest)
if err != nil { if err != nil {
return errors.New("endpoint must be a valid URL") return errors.New("endpoint must be a valid URL")
} }
// TODO: (Vyr) remove http option after testing if endpointURL.Scheme != "https" {
if endpointURL.Scheme != "https" && endpointURL.Scheme != "http" {
return errors.New("endpoint must be an https:// URL") return errors.New("endpoint must be an https:// URL")
} }
if endpointURL.Host == "" { if endpointURL.Host == "" {