Browse Source

[IMP] add simple security check

pull/24/head
Ivan Yelizariev 9 years ago
parent
commit
078b2b1526
  1. 3
      mailgun/controllers/main.py

3
mailgun/controllers/main.py

@ -12,5 +12,8 @@ class MailMailgun(http.Controller):
def mailgun_notify(self, **kw): def mailgun_notify(self, **kw):
# mailgun notification in json format # mailgun notification in json format
message_url = kw.get('message-url') message_url = kw.get('message-url')
if not message_url.startswith('https://api.mailgun.net/'):
# simple security check failed
raise Exception('wrong message-url')
request.env['mail.thread'].sudo().mailgun_fetch_message(message_url) request.env['mail.thread'].sudo().mailgun_fetch_message(message_url)
return 'ok' return 'ok'
Loading…
Cancel
Save