avniproject/avni-security#27 | Ensure blacklisted urls are blacklisted even when they are unprotected
vinayvenu committed Sep 25, 2023
1 parent a01d8af commit 45eabcd
Showing 1 changed file with 1 addition and 1 deletion.
Expand Up @@ -58,7 +58,7 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse

AuthTokenManager authTokenManager = AuthTokenManager.getInstance();
boolean isProtected = isProtected(request);
if (isProtected && ResourceProtectionStatus.isPresentIn(request, blacklistedUrls)) {
if (ResourceProtectionStatus.isPresentIn(request, blacklistedUrls)) {
response.sendError(HttpServletResponse.SC_FORBIDDEN, String.format("%s is blacklisted for the implementation", request.getServletPath()));
} else if (isProtected) {
String derivedAuthToken = authTokenManager.getDerivedAuthToken(request, queryString);
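
Review bot: The rewritten condition `if (ResourceProtectionStatus.isPresentIn(request, blacklistedUrls))` has no test alongside it; the commit changes one file by a single line, so nothing pins the case this fix exists for. Please add a filter test that sends a request to a blacklisted path for which `isProtected(request)` returns false and asserts `HttpServletResponse.SC_FORBIDDEN`, plus one for an unprotected, non-blacklisted path to confirm it still passes through. Separately, the `sendError` message formats `request.getServletPath()` into the response, and with the `isProtected` guard removed that branch is now reachable on unprotected paths; consider returning a fixed message and logging the path server-side instead.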