Skip to content

Commit 9ac96cd

Browse files
shortcutmeshortcutme
committed
Don't leak allowed origins in error message
1 parent 3c4bc6a commit 9ac96cd

1 file changed

Lines changed: 1 addition & 1 deletion

File tree

src/Ui/UiRequest.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -735,7 +735,7 @@ def actionWebsocket(self):
735735
origin_host = origin.split("://", 1)[-1]
736736
if origin_host != host and origin_host not in self.server.allowed_ws_origins:
737737
ws.send(json.dumps({"error": "Invalid origin: %s" % origin}))
738-
return self.error403("Invalid origin: %s %s" % (origin, self.server.allowed_ws_origins))
738+
return self.error403("Invalid origin: %s" % origin)
739739

740740
# Find site by wrapper_key
741741
wrapper_key = self.get["wrapper_key"]

0 commit comments

Comments
 (0)