mirrors/mempool
1
0
Fork 0
mirror of https://github.com/mempool/mempool.git synced 2024-11-20 02:11:49 +01:00
Code Issues Projects Releases Wiki Activity

nginx: Fix gixy test http_splitting

Browse Source 
Fixes test error:
```
>> Problem: [http_splitting] Possible HTTP-Splitting vulnerability.
Description: Using variables that can contain "\n" or "\r" may lead to http injection.
```

Summary: `$uri` should never be used in `return` statements.
See: https://github.com/yandex/gixy/blob/master/docs/en/plugins/httpsplitting.md

In this case, `$uri` always equals `/`, so just replace it.
This commit is contained in:
Erik Arvstedt 2022-07-11 15:25:42 +02:00
parent 4b3cc7396c
commit eec82e1bf9
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
production/nginx/server-common.conf
View File

@ -49,7 +49,7 @@ add_header Vary Cookie;
# cache redirect for 10 minutes
location = / {
if ($lang != '') {
return 302 $scheme://$host/$lang$uri;
return 302 $scheme://$host/$lang/;
}
try_files /en-US/index.html =404;
expires 10m;