fix: prevent upload bypass via uppercase path

2022-01-29 18:45:51 -05:00
parent cab16ee844
commit 7b14b39de0
1 changed files with 1 additions and 1 deletions
--- a/server/helpers/security.js
+++ b/server/helpers/security.js
@@ -32,7 +32,7 @@ module.exports = {
        token = req.cookies['jwt']
      }
      // Force uploads to use Auth headers
-      if (req.path === '/u') {
+      if (req.path.toLowerCase() === '/u') {
        return null
      }
      return token