Diffstat (limited to 'lib')
-rw-r--r-- | lib/server.js | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/lib/server.js b/lib/server.js
index be45ddc..d0f5716 100644
--- a/lib/server.js
+++ b/lib/server.js
@@ -51,6 +51,15 @@ function Server (torrent, opts) {
 // deny them
 if (req.headers.origin == null) return false
 
+ // If a 'hostname' string is specified, deny requests with a 'Host'
+ // header that does not match the origin of the torrent server to prevent
+ // DNS rebinding attacks.
+ if (opts.hostname) {
+ if (req.headers.host !== `${opts.hostname}:${server.address().port}`) {
+ return false
+ }
+ }
+
 // The user allowed all origins
 if (opts.origin === '*') return true
 
|
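Review bot: The new Host check sits after `if (req.headers.origin == null) return false`, so it only runs for requests that carry an `Origin` header, while a rebound request is same-origin from the browser's point of view and will often carry none. Whether such a request is actually refused therefore depends on what the caller does with `false`, which is not visible here because the enclosing function starts and ends outside the hunk. If this function only decides whether CORS response headers are sent (inferred), the Host validation should run at the start of the request handler, before any Origin logic, and reject the request outright. The comparison is also an exact string match, so a `Host` that differs in case or omits the port is refused even when legitimate; comparing against `req.headers.host.toLowerCase()` would handle the case difference. The check is skipped entirely when `opts.hostname` is unset, which deserves a comment such as `// NOTE: without opts.hostname the Host header is not validated`.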