From 757eeacc1b34c825f5927d2db86d4e73e8fdf52a Mon Sep 17 00:00:00 2001
From: frob <rick+github@frob.com.au>
Date: Tue, 10 Dec 2024 22:43:22 +0100
Subject: [PATCH] server: lowercase hostname for Host header check (#5851)

---
 server/routes.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/server/routes.go b/server/routes.go
index 7e8f664b9..593d372e5 100644
--- a/server/routes.go
+++ b/server/routes.go
@@ -1071,11 +1071,13 @@ func isLocalIP(ip netip.Addr) bool {
 }
 
 func allowedHost(host string) bool {
+	host = strings.ToLower(host)
+
 	if host == "" || host == "localhost" {
 		return true
 	}
 
-	if hostname, err := os.Hostname(); err == nil && host == hostname {
+	if hostname, err := os.Hostname(); err == nil && host == strings.ToLower(hostname) {
 		return true
 	}