From 078b2b15263adfe52480f984c3563adebf54cdc3 Mon Sep 17 00:00:00 2001
From: Ivan Yelizariev
Date: Wed, 4 May 2016 22:05:51 +0500
Subject: [PATCH] [IMP] add simple security check

---
 mailgun/controllers/main.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/mailgun/controllers/main.py b/mailgun/controllers/main.py
index b03c8a6..a8a7d9a 100644
--- a/mailgun/controllers/main.py
+++ b/mailgun/controllers/main.py
@@ -12,5 +12,8 @@ class MailMailgun(http.Controller):
     def mailgun_notify(self, **kw):
         # mailgun notification in json format
         message_url = kw.get('message-url')
+        if not message_url.startswith('https://api.mailgun.net/'):
+            # simple security check failed
+            raise Exception('wrong message-url')
         request.env['mail.thread'].sudo().mailgun_fetch_message(message_url)
         return 'ok'
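Review bot: The new guard crashes with an AttributeError when the request carries no `message-url`, because `kw.get('message-url')` returns None and `.startswith` is then called on it; the check should be `if not message_url or not message_url.startswith('https://api.mailgun.net/'):` so a missing or empty parameter is rejected the same way as a foreign host. A URL prefix match is also a weak authenticity check: any caller who can reach this endpoint can still make the `sudo()`'d `mailgun_fetch_message` retrieve an arbitrary path under that host, and nothing in this hunk ties the request to Mailgun itself — Mailgun webhooks carry `timestamp`, `token` and `signature` fields (an HMAC over timestamp+token keyed with the account API key), and verifying that signature with `hmac.compare_digest` before acting on `message-url` would be the check a reviewer expects here, unless it already happens elsewhere in the controller. Raising a bare `Exception` will surface as a 500 to the caller; an HTTP-level rejection such as `werkzeug.exceptions.Forbidden` (or the project's usual access-denied exception) would express the intent better and avoid a traceback in the log. The route decorator for `mailgun_notify` is above the hunk, so its `auth` mode cannot be confirmed from here.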