Merge pull request #3514 from edx/max/once-more-with-feeling

SEC-220: actually block /login?next=/favicon.ico

Merge pull request #3514 from edx/max/once-more-with-feeling
SEC-220: actually block /login?next=/favicon.ico
ad900a93 · Max Rothman · GitHub · dc92760f · 44c52591 · ad900a93
Commit ad900a93 authored 8 years ago by Max Rothman Committed by GitHub 8 years ago
Hide whitespace changes
Inline Side-by-side

Showing with 1 additions and 1 deletions

playbooks/roles/nginx/templates/edx/app/nginx/sites-available/lms.j2
+1 -1

No files found.
--- a/playbooks/roles/nginx/templates/edx/app/nginx/sites-available/lms.j2
+++ b/playbooks/roles/nginx/templates/edx/app/nginx/sites-available/lms.j2
@@ -166,7 +166,7 @@ error_page {{ k }} {{ v }};
      {% include "basic-auth.j2" %}
    {% endif %}

-    if ( $arg_next = "favicon.ico" ) {
+    if ( $arg_next ~* "favicon.ico" ) {
      return 403;
    }