Merge pull request from GHSA-fgxv-gw55-r5fq

* fix: Authorization Bypass Through User-Controlled Key * chore: add not safe domain test
2023-03-04 23:34:11 +08:00
parent d953675085
commit d9d79e930d
2 changed files with 14 additions and 3 deletions
--- a/rest/internal/cors/handlers_test.go
+++ b/rest/internal/cors/handlers_test.go
@@ -53,6 +53,11 @@ func TestCorsHandlerWithOrigins(t *testing.T) {
 			origins:   []string{"http://local", "http://remote"},
 			reqOrigin: "http://another",
 		},
+		{
+			name:      "not safe origin",
+			origins:   []string{"safe.com"},
+			reqOrigin: "not-safe.com",
+		},
 	}

 	methods := []string{