mirror of
https://github.com/NoFxAiOS/nofx.git
synced 2026-07-16 17:12:25 +08:00
security: configurable CORS origins, limit sentinel response body
- Add CORS_ALLOWED_ORIGINS config (comma-separated origins, default allow-all) - CORS middleware now validates Origin header against allowlist - Add io.LimitReader to sentinel.go (was unbounded, now 256KB) - Include previous: agent chat auth middleware + frontend token header
This commit is contained in:
@@ -133,7 +133,7 @@ func searchStock(keyword string) ([]SearchResult, error) {
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
|
||||
reader := transform.NewReader(resp.Body, simplifiedchinese.GBK.NewDecoder())
|
||||
reader := transform.NewReader(io.LimitReader(resp.Body, 256*1024), simplifiedchinese.GBK.NewDecoder())
|
||||
body, err := io.ReadAll(reader)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
||||
Reference in New Issue
Block a user