limit duo connector hosts to duo-owned domains (#1283)

2025-12-11 05:43:16 +00:00 · 2021-11-09 12:17:30 -05:00
parent 83fed7d66f
commit 9061af54bf
1 changed files with 6 additions and 0 deletions
--- a/src/connectors/duo.ts
+++ b/src/connectors/duo.ts
@@ -12,6 +12,12 @@ document.addEventListener('DOMContentLoaded', event => {
    const hostParam = getQsParam('host');
    const requestParam = getQsParam('request');
    var hostUrl = new URL('https://' + hostParam);
    if (!hostUrl.hostname.endsWith('.duosecurity.com') && !hostUrl.hostname.endsWith('.duofederal.com')) {
        return;
    }
    DuoWebSDK.init({
        iframe: 'duo_iframe',
        host: hostParam,