server: lowercase hostname for Host header check (#5851)

757eeacc · frob · GitHub · dd42acf7 · 757eeacc
Unverified Commit 757eeacc authored Dec 10, 2024 by frob Committed by GitHub Dec 10, 2024
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 1 deletion

server/routes.go server/routes.go +3 -1

No files found.
--- a/server/routes.go
+++ b/server/routes.go
@@ -1071,11 +1071,13 @@ func isLocalIP(ip netip.Addr) bool {
 }

 func allowedHost(host string) bool {
+	host = strings.ToLower(host)
+
 	if host == "" || host == "localhost" {
 		return true
 	}

-	if hostname, err := os.Hostname(); err == nil && host == hostname {
+	if hostname, err := os.Hostname(); err == nil && host == strings.ToLower(hostname) {
 		return true
 	}