Fix Origin header check bypass

2025-07-01 18:37:27 -04:00 · 2019-10-20 19:45:43 +03:00
parent cd5d783c52
commit 4653c5d95d
1 changed files with 1 additions and 1 deletions
--- a/pwnagotchi/ui/web.py
+++ b/pwnagotchi/ui/web.py
@ -141,7 +141,7 @@ class Handler(BaseHTTPRequestHandler):
            return False

        if Handler.AllowedOrigin != '*':
-            if origin != Handler.AllowedOrigin and not origin.starts_with(Handler.AllowedOrigin):
+            if origin != Handler.AllowedOrigin:
                logging.warning("request with blocked Origin from %s: %s" % (self.address_string(), origin))
                return False