limit duo connector hosts to duo-owned domains (#1283)
parent
83fed7d66f
commit
9061af54bf
@ -12,6 +12,12 @@ document.addEventListener('DOMContentLoaded', event => {
|
||||
|
||||
const hostParam = getQsParam('host');
|
||||
const requestParam = getQsParam('request');
|
||||
|
||||
var hostUrl = new URL('https://' + hostParam);
|
||||
if (!hostUrl.hostname.endsWith('.duosecurity.com') && !hostUrl.hostname.endsWith('.duofederal.com')) {
|
||||
return;
|
||||
}
|
||||
|
||||
DuoWebSDK.init({
|
||||
iframe: 'duo_iframe',
|
||||
host: hostParam,
|
||||
|
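Review bot: The allow-list check runs on `hostUrl.hostname`, but `DuoWebSDK.init` is still handed the raw `hostParam`, so the value that was validated is not the value that is used. Anything the URL parser separates from the hostname (a port, path or query part in the parameter) passes the check and is still forwarded to the SDK; passing the parsed value, `host: hostUrl.hostname,`, closes that gap. `new URL('https://' + hostParam)` can also throw when the `host` parameter is empty or malformed, which fails closed but as an uncaught exception, so a `try`/`catch` around it that returns would make the rejection explicit. `var hostUrl` could be `const hostUrl` to match the two declarations above it. The `DOMContentLoaded` handler and the `DuoWebSDK.init` call both continue outside the hunk.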