fix: Add missing safeEqual to notification unsubscribe endpoints (#12551)

Tom Moor
2026-06-01 22:07:09 -04:00
committed by GitHub
parent b2309df76d
commit 7e252f0892
2 changed files with 3 additions and 2 deletions
@@ -39,7 +39,7 @@ const handleUnsubscribe = async (
eventType
);
if (unsubscribeToken !== token) {
if (!safeEqual(unsubscribeToken, token)) {
ctx.redirect(`${env.URL}?notice=invalid-auth`);
return;
}
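Review bot: The new `safeEqual(unsubscribeToken, token)` guard relies on how `safeEqual` handles a missing or non-string `token`, which is not visible in this hunk. If the helper passes its arguments to `crypto.timingSafeEqual` without checking type and length first, a request without a usable token could throw rather than take the `invalid-auth` redirect. It is worth confirming that request validation guarantees a string here, or guarding explicitly with `if (typeof token !== "string" || !safeEqual(unsubscribeToken, token)) {`. The same applies to the identical check in the `router.get` hunk of the second file. `handleUnsubscribe` starts and ends outside this hunk.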
@@ -15,6 +15,7 @@ import { authorize } from "@server/policies";
import { presentSubscription } from "@server/presenters";
import type { APIContext } from "@server/types";
import { RateLimiterStrategy } from "@server/utils/RateLimiter";
import { safeEqual } from "@server/utils/crypto";
import pagination from "../middlewares/pagination";
import * as T from "./schema";
@@ -171,7 +172,7 @@ router.get(
documentId
);
if (unsubscribeToken !== token) {
if (!safeEqual(unsubscribeToken, token)) {
ctx.redirect(`${env.URL}?notice=invalid-auth`);
return;
}
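Review bot: Nothing at the comparison in the `router.get` hunk says why `safeEqual` is used instead of `!==`, so a later cleanup could quietly revert it. A one-line comment above the check would record the intent, for example `// Compare via safeEqual (presumably constant-time) so response timing does not reveal how much of the token matched.` The same comment fits the check in `handleUnsubscribe` in the first file. The enclosing route handler starts and ends outside this hunk.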