openclaw/oikos
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

fix: rate-limit /manifest.webmanifest route (CodeQL #9)

Browse Source 
Applies the existing apiLimiter middleware to the manifest route,
which performs a DB lookup without prior rate limiting.

Closes https://github.com/ulsklyc/oikos/security/code-scanning/9
This commit is contained in:
Ulas Kalayci
2026-05-09 10:09:29 +02:00
parent ee53f1cfd7
commit 4aaa6a1589
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
server/index.js
+1 -1
View File
@@ -176,7 +176,7 @@ app.get('/api/v1/version', (req, res) => {
res.json({ version: APP_VERSION, app_name: appName }); res.json({ version: APP_VERSION, app_name: appName });
}); });
app.get('/manifest.webmanifest', (req, res) => { app.get('/manifest.webmanifest', apiLimiter, (req, res) => {
let appName = DEFAULT_APP_NAME; let appName = DEFAULT_APP_NAME;
try { try {
const row = db.get().prepare('SELECT value FROM sync_config WHERE key = ?').get('app_name'); const row = db.get().prepare('SELECT value FROM sync_config WHERE key = ?').get('app_name');