Don't leak allowed origins in error message

2019-09-02 02:09:53 +02:00 · 2019-09-02 02:09:53 +02:00 · 9ac96cdd50
commit 9ac96cdd50
parent 3c4bc6ae35
1 changed files with 1 additions and 1 deletions
--- a/src/Ui/UiRequest.py
+++ b/src/Ui/UiRequest.py
@ -735,7 +735,7 @@ class UiRequest(object):
                origin_host = origin.split("://", 1)[-1]
                if origin_host != host and origin_host not in self.server.allowed_ws_origins:
                    ws.send(json.dumps({"error": "Invalid origin: %s" % origin}))
-                    return self.error403("Invalid origin: %s %s" % (origin, self.server.allowed_ws_origins))
+                    return self.error403("Invalid origin: %s" % origin)

            # Find site by wrapper_key
            wrapper_key = self.get["wrapper_key"]