keeweb
/
keeweb
mirror of https://github.com/keeweb/keeweb.git
1
0
Fork 0
Code Issues Releases Wiki Activity

fixed config link check

This commit is contained in:
antelle 2017-08-31 19:08:39 +02:00
parent 1ac61799fe
commit 7961d2a660
1 changed files with 14 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
app/scripts/models/app-model.js
View File

@ -54,9 +54,7 @@ const AppModel = Backbone.Model.extend({
loadConfig: function(configLocation) {
return new Promise((resolve, reject) => {
if (configLocation.indexOf('//') >= 0) {
throw 'Config must be located on the same domain';
}
this.ensureCanLoadConfig(configLocation);
this.appLogger.debug('Loading config from', configLocation);
const ts = this.appLogger.ts();
const xhr = new XMLHttpRequest();
@ -94,6 +92,19 @@ const AppModel = Backbone.Model.extend({
});
},
ensureCanLoadConfig(url) {
if (!FeatureDetector.isSelfHosted) {
throw 'Configs are supported only in self-hosted installations';
}
const link = document.createElement('a');
link.href = url;
const isExternal = link.host && link.host !== location.host;
if (isExternal) {
throw 'Loading config from this location is not allowed';
}
document.removeChild(link);
},
applyUserConfig(config) {
this.settings.set(config.settings);
if (config.files) {