extern/gotosocial
1
1
Fork 0
mirror of https://github.com/superseriousbusiness/gotosocial.git synced 2025-02-01 11:09:13 +01:00
Code Issues Packages Projects Releases Wiki Activity

Disallow cleartext HTTP for Web Push servers

Browse Source
This commit is contained in:
Vyr Cossont 2025-01-19 16:23:11 -08:00
parent 1dd0adc617
commit 4180024b7e
1 changed files with 1 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
internal/api/client/push/pushsubscriptionpost.go
View File

@ -225,8 +225,7 @@ func validateNormalizeCreate(request *apimodel.WebPushSubscriptionCreateRequest)
if err != nil {
return errors.New("endpoint must be a valid URL")
}
// TODO: (Vyr) remove http option after testing
if endpointURL.Scheme != "https" && endpointURL.Scheme != "http" {
if endpointURL.Scheme != "https" {
return errors.New("endpoint must be an https:// URL")
}
if endpointURL.Host == "" {