author | 2022-04-16 13:09:42 +0200 | |
---|---|---|
committer | 2022-04-16 13:09:42 +0200 | |
commit | 7883dd54998f351e2f59d1e8e4238eb906f79ade (patch) | |
tree | 25f9863237b3a98a1b930068579f0810d7098bfc /internal/router/session.go | |
parent | [bugfix] Use background ctx for domain block side effects (#457) (diff) | |
[bugfix] Convert IDNs to punycode before using as session name (#458)
* convert hostname to punycode for session name
* test punycode
Diffstat (limited to 'internal/router/session.go')
-rw-r--r-- | internal/router/session.go | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/internal/router/session.go b/internal/router/session.go
index be29b01c9..4c83b5902 100644
--- a/internal/router/session.go
+++ b/internal/router/session.go
@@ -31,6 +31,7 @@ import (
 "github.com/spf13/viper"
 "github.com/superseriousbusiness/gotosocial/internal/config"
 "github.com/superseriousbusiness/gotosocial/internal/db"
+ "golang.org/x/net/idna"
 )

 // SessionOptions returns the standard set of options to use for each session.
@@ -61,7 +62,14 @@ func SessionName() (string, error) {
 return "", fmt.Errorf("could not derive hostname without port from %s://%s", protocol, host)
 }

- return fmt.Sprintf("gotosocial-%s", strippedHostname), nil
+ // make sure IDNs are converted to punycode or the cookie library breaks:
+ // see https://en.wikipedia.org/wiki/Punycode
+ punyHostname, err := idna.New().ToASCII(strippedHostname)
+ if err != nil {
+ return "", fmt.Errorf("could not convert %s to punycode: %s", strippedHostname, err)
+ }
+
+ return fmt.Sprintf("gotosocial-%s", punyHostname), nil
 }

 func useSession(ctx context.Context, sessionDB db.Session, engine *gin.Engine) error { |
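Review bot: In the second hunk, `idna.New()` is called with no options, which gives a profile that does raw punycode encoding with minimal validation: no case mapping and no STD3 ASCII rules. A configured host that differs only in case would therefore yield a different cookie name, and ASCII characters that are not valid in a hostname would pass straight through into it. Whether that can happen depends on how `host` is validated earlier in `SessionName`, which starts outside the hunk. If stricter handling is wanted, `punyHostname, err := idna.Lookup.ToASCII(strippedHostname)` normalises and validates in one step. Separately, the new error formats `err` with `%s`; `fmt.Errorf("could not convert %s to punycode: %w", strippedHostname, err)` would keep the cause available to `errors.Is`/`errors.As`.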