tyler.durden/icingaweb2
1
0
Fork 0
mirror of https://github.com/Icinga/icingaweb2.git synced 2025-04-08 17:15:08 +02:00
Code Issues Packages Projects Releases Wiki Activity

js: Only load URLs prefixed by the base URL

Browse Source 
(cherry picked from commit aad020511f12ad5c2dfd9859a52b1c8618be198d)
This commit is contained in:
Johannes Meyer 2025-02-21 16:33:57 +01:00
parent 8600f4fe31
commit 6ddf61981c
1 changed files with 4 additions and 0 deletions

4
public/js/icinga/loader.js

@ -221,6 +221,10 @@
loadUrl: function (url, $target, data, method, action, autorefresh, progressTimer, extraHeaders) {
var id = null;
if (url.startsWith('//') || ! url.startsWith(this.baseUrl + '/')) {
throw new Error('URL ' + url + ' is not relative to ' + this.baseUrl);
}
// Default method is GET
if ('undefined' === typeof method) {
method = 'GET';