Constellation, Spacedust, Slingshot, UFOs: atproto crates and services for microcosm
restrict app param
+5
+5
who-am-i/src/server.rs
+5
who-am-i/src/server.rs
···
268
268
Some(parent_host),
269
269
);
270
270
}
271
+
if let Some(ref app) = params.app {
272
+
if !allowed_hosts.contains(app) {
273
+
return err("Login is not allowed for this app", false, Some(app));
274
+
}
275
+
}
271
276
let parent_origin = url.origin().ascii_serialization();
272
277
if parent_origin == "null" {
273
278
return err("Origin or referrer header value is opaque", true, None);