Closed fortuna closed 1 year ago
This Node.js library had the same issue, and this is how they fixed it: https://github.com/murka/outlinevpn-api/commit/1b6cbfc6203ab0abee41a73f592226af72b31647
I think this should do the job https://github.com/jadolg/outline-vpn-api/pull/11 Would you mind a quick review?
Released in version 3.0.0
The API checks the fingerprint on a test request in the constructor, but doesn't check the fingerprint in the actual requests, so they are not protected. You should validate the fingerprint on every request.