Commit 53b64634 authored by Jesus Galaz's avatar Jesus Galaz

Trying to fix vulnerability issues

parent aae4119e
1 merge request!6Adding toDo app functionability
Pipeline #15726 passed
......@@ -2,6 +2,7 @@ const express = require('express');
const path = require('path');
const connectDB = require('./mongodb');
const session = require('express-session');
const url = require('url');
const app = express();
......@@ -9,6 +10,20 @@ const app = express();
app.use(express.json());
app.use(express.static(path.join(__dirname, 'public')));
// Allow only localhost for SSRF protection
function validateLocalhost(req, res, next) {
const remoteAddress = req.connection.remoteAddress;
// Allow requests only from localhost (IPv4 and IPv6)
if (remoteAddress !== '127.0.0.1' && remoteAddress !== '::1') {
return res.status(403).send('External requests are forbidden');
}
next();
}
app.use(validateLocalhost); // Add the middleware
// Session configuration
app.use(
session({
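Review bot: validateLocalhost does not mitigate SSRF — it inspects the address of the inbound client, so it only refuses service to every non-local user, whereas SSRF concerns outbound requests the server itself makes to a user-supplied URL; if such an endpoint exists, the check belongs there, parsing the target with the `url` module added in the first hunk (otherwise unused in these hunks) and allowing only the expected schemes and hosts. Even as an access restriction the comparison is brittle: `req.connection` is a deprecated alias for `req.socket`, an IPv4 loopback client on a dual-stack IPv6 listener is commonly reported as `::ffff:127.0.0.1` and would be rejected, and behind a reverse proxy the remote address is the proxy's rather than the client's. The middleware is also registered after `express.static`, so static files are served without passing through it. Suggest `const remoteAddress = req.socket.remoteAddress;` and rewording the comment to `// Restrict access to local clients only (this is not SSRF protection)` so the next reader is not misled about what it enforces.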
......