From 4bd8d7eb91524cc936bc607f8291804689de35ea Mon Sep 17 00:00:00 2001
From: Daan Sprenkels
Date: Tue, 13 Nov 2018 00:14:25 +0100
Subject: Disallow creation of robots.txt in freeurl

Add a configuration setting to "hard"-disable creation of notes as
set by the configuration value. This defaults to `['robots.txt',
'favicon.ico']`, because these files are often accidentally created
by bots and browsers.

This commit fixes #1052.

Signed-off-by: Daan Sprenkels <hello@dsprenkels.com>
---
 lib/response.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'lib/response.js')

diff --git a/lib/response.js b/lib/response.js
index 671aa120..b94f473a 100644
--- a/lib/response.js
+++ b/lib/response.js
@@ -157,7 +157,7 @@ function findNote (req, res, callback, include) {
       include: include || null
     }).then(function (note) {
       if (!note) {
-        if (config.allowFreeURL && noteId) {
+        if (config.allowFreeURL && noteId && !config.forbiddenNoteIDs.includes(noteId)) {
           req.alias = noteId
           return newNote(req, res)
         } else {
-- 
cgit v1.2.3