Merge pull request #10 from Reloadly/develop

Security hardening
Reloadly · Jan 23, 2023 · 4dc640a · 4dc640a
2 parents 3b18ca1 + 2b44adf
commit 4dc640a
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 3 deletions.
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@prizemates/http-firewall",
-  "version": "1.0.0",
+  "version": "1.0.1",
   "description": "HTTP Firewall based on Spring Security HttpFirewall",
   "private": false,
   "main": "./lib/index.js",

diff --git a/src/demo/demo.ts b/src/demo/demo.ts
@@ -17,7 +17,7 @@ app.listen(port, () => {
 
 function firewallOptions(): HttpFirewallOptions {
   // Allows traffic from specific hosts only
-  const allowedHostnamesPredicate = Predicate.of<string>((h) => h.endsWith('example.com')).or(
+  const allowedHostnamesPredicate = Predicate.of<string>((h) => h === 'www.example.com').or(
     Predicate.of<string>((h) => h === 'localhost'),
   );
 

diff --git a/src/strict-http-firewall.ts b/src/strict-http-firewall.ts
@@ -273,7 +273,7 @@ class StrictHttpFirewall {
   private readonly allowedHttpMethods: HttpMethod[] = this.createDefaultAllowedHttpMethods();
   private readonly allowedHostnames: Predicate<String> = new Predicate<string>((hostName) => true);
   private readonly ASSIGNED_AND_NOT_ISO_CONTROL_PATTERN: RegExp = new RegExp(
-    `[\p{IsAssigned}&&[^\p{IsControl}]]*`,
+    '[\\p{IsAssigned}&&[^\\p{IsControl}]]*',
     'g',
   );
   private readonly ASSIGNED_AND_NOT_ISO_CONTROL_PREDICATE: Predicate<string> = new Predicate<string>((testName) =>