fix is_safe_url

2026-04-05 11:47:50 +08:00 · 2025-02-09 22:08:21 +08:00
parent e9a147d43c
commit 5e2ad34864
1 changed files with 2 additions and 1 deletions
--- a/app/utils/security.py
+++ b/app/utils/security.py
@@ -65,6 +65,7 @@ class SecurityUtils:
            netloc = parsed_url.netloc.lower()
            if not netloc:
                return False
+            netloc_no_port = netloc.split(":")[0]

            # 检查每个允许的域名
            allowed_domains = {d.lower() for d in allowed_domains}
@@ -78,7 +79,7 @@ class SecurityUtils:
                        return True
                else:
                    # 非严格模式下，允许子域名匹配
-                    if netloc == allowed_netloc or netloc.endswith('.' + allowed_netloc):
+                    if netloc_no_port == allowed_netloc or netloc_no_port.endswith('.' + allowed_netloc):
                        return True

            return False