merge: Merge upstream security advisary (!707)

View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/707

Approved-by: dakkar <dakkar@thenautilus.net>
Approved-by: Hazelnoot <acomputerdog@gmail.com>
This commit is contained in:
Hazelnoot 2024-10-25 15:22:21 +00:00
commit 9562a830ed
1 changed files with 6 additions and 0 deletions

View File

@ -317,6 +317,12 @@ export class FileServerService {
);
}
if (!request.headers['user-agent']) {
throw new StatusError('User-Agent is required', 400, 'User-Agent is required');
} else if (request.headers['user-agent'].toLowerCase().indexOf('misskey/') !== -1) {
throw new StatusError('Refusing to proxy a request from another proxy', 403, 'Proxy is recursive');
}
// Create temp file
const file = await this.getStreamAndTypeFromUrl(url);
if (file === '404') {