Login: Add logging for incorrect JS hostnames

2024-04-02 11:34:02 +02:00
parent 20d0a9a0ed
commit f3f42a8a42
7 changed files with 78 additions and 3 deletions
--- a/src/pretix/static/pretixcontrol/js/auth.js
+++ b/src/pretix/static/pretixcontrol/js/auth.js
@@ -0,0 +1,21 @@
+var hiddenfield = document.querySelector("input[name=origin][type=hidden]");
+if (hiddenfield) {
+    hiddenfield.value = window.location.origin
+}
+async function runCheck() {
+    if (document.getElementById("good_origin")) {
+        if (document.getElementById("good_origin").innerText.split('').reverse().join('') !== window.location.origin) {
+            const response = await fetch(document.getElementById("bad_origin_report_url").innerText.split('').reverse().join(''), {
+                method: "POST",
+                mode: "cors",
+                referrerPolicy: "unsafe-url",
+                headers: {
+                    "Content-Type": "application/x-www-form-urlencoded",
+                },
+                body: "origin=" + window.location.origin,
+            });
+        }
+    }
+}
+
+runCheck();