Merge commit from fork

* fix: sanitize host headers before use

* add additional test
Livio Spring
2025-10-29 10:05:37 +01:00
committed by GitHub
parent f4503e07cd
commit 72a5c33e6a
10 changed files with 157 additions and 32 deletions


@@ -88,10 +88,10 @@ func setInstance(ctx context.Context, verifier authz.InstanceVerifier) (_ contex
defer func() { span.EndWithError(err) }()
requestContext := zitadel_http.DomainContext(ctx)
if requestContext.InstanceHost == "" {
if requestContext.InstanceDomain() == "" {
return nil, zerrors.ThrowNotFound(err, "INST-zWq7X", "Errors.IAM.NotFound")
}
instance, err := verifier.InstanceByHost(authCtx, requestContext.InstanceHost, requestContext.PublicHost)
instance, err := verifier.InstanceByHost(authCtx, requestContext.InstanceDomain(), requestContext.RequestedDomain())
if err != nil {
return nil, err
}