Filter out possibly sensitive information for normal users

Fixes #407
2017-08-26 13:59:45 -07:00
parent a87dd65c1d
commit 1da91b64f6
2 changed files with 50 additions and 2 deletions
--- a/src/routes/cloudron.js
+++ b/src/routes/cloudron.js
@@ -184,6 +184,10 @@ function getConfig(req, res, next) {
    cloudron.getConfig(function (error, cloudronConfig) {
        if (error) return next(new HttpError(500, error));

+        if (!req.user.admin) {
+            cloudronConfig = _.pick(cloudronConfig, 'apiServerOrigin', 'webServerOrigin', 'fqdn', 'version', 'progress', 'isCustomDomain', 'isDemo', 'cloudronName', 'provider');
+        }
+
        next(new HttpSuccess(200, cloudronConfig));
    });
 }