[LAN] check origin for all the DNS records to be local in order to mitigate DNS rebinding attacks.

hackademix 2022-02-15 10:22:53 +01:00
parent fd60a1c359
commit d300c5aa4e
1 changed files with 1 additions and 2 deletions


@ -424,8 +424,7 @@ var RequestGuard = (() => {
// check cross-zone WAN->LAN requests // check cross-zone WAN->LAN requests
if (enforced && originUrl && !Sites.isInternal(originUrl) && url.startsWith("http") && if (enforced && originUrl && !Sites.isInternal(originUrl) && url.startsWith("http") &&
!policy.can(originUrl, "lan", ns.policyContext(request)) && !policy.can(originUrl, "lan", ns.policyContext(request)) &&
(await iputil.isLocalURI(url)) && !(await iputil.isLocalURI(originUrl))) { (await iputil.isLocalURI(url)) && !(await iputil.isLocalURI(originUrl, true))) {
debug("WAN->LAN request blocked", request); debug("WAN->LAN request blocked", request);
let r = Object.assign({}, request); let r = Object.assign({}, request);
r.url = originUrl; // we want to report the origin as needing the permission r.url = originUrl; // we want to report the origin as needing the permission
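Review bot: The bare `true` in `iputil.isLocalURI(originUrl, true)` is a security-relevant switch that carries no meaning at the call site. Going by the commit title, it presumably makes the origin count as local only when every one of its DNS records resolves to a local address, while the destination check `iputil.isLocalURI(url)` keeps the default behaviour. A comment above the condition would record that asymmetry, for example `// origin is LAN only if ALL its DNS records are local (anti DNS-rebinding); destination uses the default check`. The meaning of the second parameter is not visible in this hunk, so confirm it against `iputil` before settling the wording. The `if` body continues past the end of the hunk.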