```ts
const validOrigins = [
	new URL(event.request.url).host,
	...(envPublic.PUBLIC_ORIGIN ? [new URL(envPublic.PUBLIC_ORIGIN).host] : []),
];

if (!validOrigins.includes(new URL(origin).host)) {
	return errorResponse(403, "Invalid referer for POST request");
}
```
In this code found in `src/hooks.server.ts` there is validation whether the referer is from the PUBLIC_ORIGIN; this is bad for 2 reasons:

1. The OIDC provider itself will validate the referer.
2. If there is an NGINX (or other similar product), it will fail that for no reason (and you can't just configure the PUBLIC_ORIGIN to be your Nginx one, because in this way you have to use the NGINX and can't access straight, which is weird).
chat-ui/src/hooks.server.ts
Line 142 in 58c1890
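The host comparison quoted in the issue, rerun over constructed requests to show the reverse-proxy case the report describes. This is an added example, not chat-ui's own code. It assumes the host in `event.request.url` is the Host the app server receives; `hostOf`, `checkPostOrigin`, `runScenarios` and all hostnames are hypothetical.

```typescript
// Added example, not chat-ui code: same host comparison as the quoted snippet.
// Assumption: the host of event.request.url is the Host seen by the app server.

function hostOf(value: string): string | null {
	try {
		return new URL(value).host;
	} catch {
		return null; // malformed value (e.g. "Origin: null"): no match, no exception
	}
}

// Returns the status the check would produce for a POST request.
function checkPostOrigin(requestUrl: string, originHeader: string, publicOrigin?: string): number {
	const validOrigins = [hostOf(requestUrl), ...(publicOrigin ? [hostOf(publicOrigin)] : [])];
	const originHost = hostOf(originHeader);
	return originHost !== null && validOrigins.includes(originHost) ? 200 : 403;
}

// Constructed scenarios; addresses and hostnames are placeholders.
const PROXY = "https://chat.example.com"; // public origin served by the reverse proxy
const UPSTREAM = "http://127.0.0.1:3000/conversation"; // URL the app sees when Host is not forwarded

function runScenarios(): Record<string, number> {
	return {
		// Browser talks to the app directly: Origin host equals request host.
		direct: checkPostOrigin("http://10.0.0.5:3000/conversation", "http://10.0.0.5:3000"),
		// Proxy rewrites Host, PUBLIC_ORIGIN unset: legitimate request is rejected.
		proxyNoPublicOrigin: checkPostOrigin(UPSTREAM, PROXY),
		// Same request with PUBLIC_ORIGIN set to the proxy's origin: accepted.
		proxyWithPublicOrigin: checkPostOrigin(UPSTREAM, PROXY, PROXY),
		// Cross-site POST: rejected, which is what the check exists for.
		crossSite: checkPostOrigin(UPSTREAM, "https://other.example.net", PROXY),
		// Opaque origin sent as the literal string "null": rejected without throwing.
		opaqueOrigin: checkPostOrigin(UPSTREAM, "null", PROXY),
	};
}

console.log(runScenarios());
```

If the proxy forwards the original Host header and the app builds its request URL from it, the first list entry already matches and the second scenario passes without `PUBLIC_ORIGIN`.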