We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
There was an error while loading. Please reload this page.
1 parent 8bb1759 commit dc397b4Copy full SHA for dc397b4
1 file changed
app.js
@@ -5,6 +5,20 @@ const axios = require('axios');
5
const app = express();
6
7
app.get('/camera', async (req, res) => {
8
+ const origin = req.get('origin') || req.get('referer') || '';
9
+ const allowedDomain = 'eplus.dev';
10
+
11
+ try {
12
+ const url = new URL(origin);
13
+ const hostname = url.hostname;
14
15
+ if (hostname !== allowedDomain && !hostname.endsWith(`.${allowedDomain}`)) {
16
+ return res.status(403).send('Access denied');
17
+ }
18
+ } catch (e) {
19
+ return res.status(403).send('Invalid origin');
20
21
22
const { id, bg = 'black' } = req.query;
23
24
if (!id) return res.status(400).send('Missing camera id');
0 commit comments