fix loophole when MASTODON_ALLOW_ANY_SITE is off

This commit is contained in:
Your Name 2021-09-18 12:09:45 -04:00
parent b4e3dda09e
commit cbe4555dfd

View file

@ -98,6 +98,8 @@ def login(request):
return HttpResponseBadRequest()
def connect(request):
if not settings.MASTODON_ALLOW_ANY_SITE:
return redirect(reverse("users:login"))
domain = request.GET.get('domain').strip().lower()
app = MastodonApplication.objects.filter(domain_name=domain).first()
if app is None: