fixes origin block response to account for clients sending bad headers
This commit is contained in:
parent
26a6e4cadb
commit
b24894d98f
|
@ -15,7 +15,7 @@ export const checkOrigin: RequestHandler = (req, res, next) => {
|
|||
{ origin: req.headers.origin, referer: req.headers.referer },
|
||||
"Blocked request from origin or referer"
|
||||
);
|
||||
if (!req.accepts("html")) {
|
||||
if (!req.accepts("html") || req.accepts("*/*")) {
|
||||
return res.status(403).json({
|
||||
error: { type: "blocked_origin", message: config.blockMessage },
|
||||
});
|
||||
|
|
Loading…
Reference in New Issue