1
0
mirror of https://github.com/bitwarden/browser synced 2024-12-24 17:11:55 +01:00

limit duo connector hosts to duo-owned domains (#1283)

This commit is contained in:
Kyle Spearrin 2021-11-09 12:17:30 -05:00 committed by GitHub
parent 83fed7d66f
commit 9061af54bf
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -12,6 +12,12 @@ document.addEventListener('DOMContentLoaded', event => {
const hostParam = getQsParam('host');
const requestParam = getQsParam('request');
var hostUrl = new URL('https://' + hostParam);
if (!hostUrl.hostname.endsWith('.duosecurity.com') && !hostUrl.hostname.endsWith('.duofederal.com')) {
return;
}
DuoWebSDK.init({
iframe: 'duo_iframe',
host: hostParam,