Przeglądaj źródła

security: Use quoted values for origin, URL, and force quoting.

jamesread 4 lat temu
rodzic
commit
ebd1c4e938

+ 5 - 0
cmd/OliveTin/main.go

@@ -22,6 +22,11 @@ var (
 )
 
 func init() {
+	log.SetFormatter(&log.TextFormatter{
+		ForceQuote: true,
+		DisableTimestamp: true,
+	})
+
 	log.WithFields(log.Fields{
 		"version": version,
 		"commit":  commit,

+ 1 - 1
internal/cors/cors.go

@@ -13,7 +13,7 @@ import (
 func AllowCors(h http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		if origin := r.Header.Get("Origin"); origin != "" {
-			log.Debugf("Adding CORS header origin: %v", origin)
+			log.Debugf("Adding CORS header origin: %q", origin)
 
 			w.Header().Set("Access-Control-Allow-Origin", origin)
 		}

+ 2 - 2
internal/httpservers/singleFrontend.go

@@ -32,12 +32,12 @@ func StartSingleHTTPFrontend(cfg *config.Config) {
 	mux := http.NewServeMux()
 
 	mux.HandleFunc("/api/", func(w http.ResponseWriter, r *http.Request) {
-		log.Debugf("api req: %v", r.URL)
+		log.Debugf("api req: %q", r.URL)
 		apiProxy.ServeHTTP(w, r)
 	})
 
 	mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
-		log.Debugf("ui req: %v", r.URL)
+		log.Debugf("ui req: %q", r.URL)
 		webuiProxy.ServeHTTP(w, r)
 	})