blitzwing/cobalt-7
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

api/core: limit authorization header length

Browse source
This commit is contained in:
wukko 2024-08-17 00:13:26 +06:00
parent a49a87544c
commit c54294601b
No known key found for this signature in database
GPG key ID: 3E30B3F26C7B4AA2
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
api/src/core/api.js
View file

@ -157,7 +157,7 @@ export function runAPI(express, app, __dirname) {
return fail("error.api.auth.jwt.missing");
}
if (!authorization.startsWith("Bearer ")) {
if (!authorization.startsWith("Bearer ") || authorization.length > 256) {
return fail("error.api.auth.jwt.invalid");
}