[security bug] www subdomain is accepted

Question

[security bug] www subdomain is accepted

Closed this issue 4 months ago · 6 comments

I tried to set the subdomain to www to check if there's a bug with it, and it accepted it.
Now the main page https://www.tsafi.xyz/ redirects to my site.

Sorry for that, I really didn't mean to do it. Please fix this bug ASAP.

Answer 1 · 2024-05-31T19:13:36.000Z

I just pushed a fix, thanks for pointing this out

Answer 2 · 2024-05-31T19:14:47.000Z

I just pushed a fix, thanks for pointing this out

Thanks for fixing that! I was stuck on the home page.

Answer 3 · 2024-05-31T19:20:24.000Z

@michaelshimeles I tried again and it still accepts it. By the way, I guess staging.tsafi.xyz should not be allowed too.

Answer 4 · 2024-05-31T19:51:28.000Z

pushing a fix

Answer 5 · 2024-05-31T19:54:39.000Z

try testing it out now @6km

Answer 6 · 2024-05-31T20:01:37.000Z

Thanks @michaelshimeles! I tested it out and it has been fixed! 🚀