Commit 977921c
committed
fix(security): strictly compare DNS TXT record in domain verification
Previously used txt.includes(record.txtRecord), which would accept any
TXT record that contained the verification string as a substring. Switch
to strict equality so domain verification cannot be spoofed by embedding
the token inside another record.
Refs #101 parent 0a94f99 commit 977921c
1 file changed
Lines changed: 1 addition & 1 deletion
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
40 | 40 | | |
41 | 41 | | |
42 | 42 | | |
43 | | - | |
| 43 | + | |
44 | 44 | | |
45 | 45 | | |
46 | 46 | | |
| |||
0 commit comments