From be25390400cf272cde77c8f544f3eed81f286f2f Mon Sep 17 00:00:00 2001 From: Chris Brame Date: Fri, 30 Nov 2018 02:20:42 -0500 Subject: [PATCH] chore(security): updates to origin check --- src/middleware/middleware.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/middleware/middleware.js b/src/middleware/middleware.js index ed24d5161..446f0caf6 100644 --- a/src/middleware/middleware.js +++ b/src/middleware/middleware.js @@ -143,7 +143,7 @@ middleware.checkCaptcha = function(req, res, next) { middleware.checkOrigin = function(req, res, next) { var origin = req.headers.origin; - var host = req.protocol + '://' + req.headers.host; + var host = req.headers.host; //Firefox Hack - Firefox Bug 1341689 & 1424076 //Trudesk Bug #26 @@ -151,6 +151,8 @@ middleware.checkOrigin = function(req, res, next) { if (!origin) origin = host; + origin = origin.replace(/^https?:\/\//, ''); + if (origin !== host) return res.status(400).json({success: false, error: 'Invalid Origin!'});
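Review bot: Dropping `req.protocol` from `host` on the `var host = req.headers.host;` line removes the scheme from the origin comparison, so once the Origin value is stripped of its `http(s)://` prefix an `http://example.com` Origin is accepted for a site served at `https://example.com` — the check degrades to host-only equality and no longer rejects a scheme mismatch. If the motivation was that `req.protocol` reports `http` behind a TLS-terminating proxy, the usual remedy is Express's `trust proxy` setting (so `req.protocol`/`req.secure` honour `X-Forwarded-Proto`) rather than discarding the scheme; a cheap guard that keeps the intent is to test the scheme before stripping it, e.g. `if (req.secure && req.headers.origin && !/^https:\/\//.test(req.headers.origin)) return res.status(400).json({success: false, error: 'Invalid Origin!'});`. Separately, `req.headers.host` can be undefined (an HTTP/1.0 request without a Host header), and since the Firefox fallback assigns `origin = host`, the later `origin.replace(...)` would then throw a TypeError instead of returning a 400; guard with `if (!host) return res.status(400).json({success: false, error: 'Invalid Origin!'});` right after the assignment. Whether the scheme downgrade is exploitable depends on whether the deployment serves plain HTTP at all, which this hunk does not show, and `checkOrigin`'s body continues past the end of the hunk.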