Send 400 when Redmine URI does not start with HTTPS

penguineer · Mar 10, 2020 · 1c2e022 · 1c2e022
1 parent 8528774
commit 1c2e022
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/app.py b/app.py
@@ -90,6 +90,8 @@ def get(self):
             redmineurl = self.get_argument('url', None)
             if redmineurl is None or redmineurl == '':
                 raise tornado.web.HTTPError(status_code=400, reason="Redmine URL must not be empty")
+            if not redmineurl.lower().startswith("https"):
+                raise tornado.web.HTTPError(status_code=400, reason="Redmine URL must start with 'HTTPS'")
             apikey = self.get_argument('apikey', None)
             if apikey is None or apikey == '':
                 raise tornado.web.HTTPError(status_code=400, reason="API key URL must not be empty")