Fix: Host-header Injection in Password Reset & Email Verification

YasharF · Feb 19, 2025 · ea52c80 · ea52c80
1 parent 1e878a2
commit ea52c80
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/controllers/user.js b/controllers/user.js
@@ -385,7 +385,7 @@ exports.getVerifyEmail = (req, res, next) => {
       subject: 'Please verify your email address on Hackathon Starter',
       text: `Thank you for registering with hackathon-starter.\n\n
         To verify your email address, please click on the following link, or paste this into your browser:\n\n
-        http://${req.headers.host}/account/verify/${token}\n\n
+        ${process.env.BASE_URL}/account/verify/${token}\n\n
         \n\n
         Thank you!`
     };
@@ -522,7 +522,7 @@ exports.postForgot = (req, res, next) => {
       subject: 'Reset your password on Hackathon Starter',
       text: `You are receiving this email because you (or someone else) have requested the reset of the password for your account.\n\n
         Please click on the following link, or paste this into your browser to complete the process:\n\n
-        http://${req.headers.host}/reset/${token}\n\n
+        ${process.env.BASE_URL}/reset/${token}\n\n
         If you did not request this, please ignore this email and your password will remain unchanged.\n`
     };
     const mailSettings = {