internal: add validation for referers and accept-encoding

Signed-off-by: Xe Iaso <me@xeiaso.net>
author: Xe Iaso <me@xeiaso.net> 2024-01-28 13:21:49 -0500
committer: Xe Iaso <me@xeiaso.net> 2024-01-28 13:24:36 -0500
commit: 2f5df3bf784fc77abd1336301bdb38d3bd318387 (patch)
tree: bdd8108f03b05c3c05c8d0251c7b6ac3706b56fc /internal/referer.go
parent: 57bd9082dd4f01fab353db4485819a2f87416245 (diff)
download: xesite-2f5df3bf784fc77abd1336301bdb38d3bd318387.tar.xz
xesite-2f5df3bf784fc77abd1336301bdb38d3bd318387.zip
1 files changed, 7 insertions, 1 deletions
diff --git a/internal/referer.go b/internal/referer.go
index ec8c2be..3a7d16f 100644
--- a/internal/referer.go
+++ b/internal/referer.go
@@ -3,6 +3,7 @@ package internal
 import (
 	"expvar"
 	"net/http"
+	"net/url"
 
 	"tailscale.com/metrics"
 )
@@ -17,7 +18,12 @@ func init() {
 
 func RefererMiddleware(next http.Handler) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		referers.Add(r.Header.Get("Referer"), 1)
+		if referer := r.Header.Get("Referer"); referer != "" {
+			_, err := url.Parse(referer)
+			if err == nil {
+				referers.Add(referer, 1)
+			}
+		}
 		next.ServeHTTP(w, r)
 	}
 }
author	Xe Iaso <me@xeiaso.net>	2024-01-28 13:21:49 -0500
committer	Xe Iaso <me@xeiaso.net>	2024-01-28 13:24:36 -0500
commit	2f5df3bf784fc77abd1336301bdb38d3bd318387 (patch)
tree	bdd8108f03b05c3c05c8d0251c7b6ac3706b56fc /internal/referer.go
parent	57bd9082dd4f01fab353db4485819a2f87416245 (diff)
download	xesite-2f5df3bf784fc77abd1336301bdb38d3bd318387.tar.xz xesite-2f5df3bf784fc77abd1336301bdb38d3bd318387.zip