diff options
| author | misskey-release-bot[bot] <157398866+misskey-release-bot[bot]@users.noreply.github.com> | 2024-11-22 09:15:34 +0000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-11-22 09:15:34 +0000 |
| commit | e8518de054166e8293059a2f9d285718c6316f38 (patch) | |
| tree | a416a001115f7478e3a4788abcd59b1b3c0af7c3 /packages/backend/src/server/FileServerService.ts | |
| parent | Merge pull request #14741 from misskey-dev/develop (diff) | |
| parent | Release: 2024.11.0 (diff) | |
| download | misskey-e8518de054166e8293059a2f9d285718c6316f38.tar.gz misskey-e8518de054166e8293059a2f9d285718c6316f38.tar.bz2 misskey-e8518de054166e8293059a2f9d285718c6316f38.zip | |
Merge pull request #14924 from misskey-dev/develop
Release: 2024.11.0
Diffstat (limited to 'packages/backend/src/server/FileServerService.ts')
| -rw-r--r-- | packages/backend/src/server/FileServerService.ts | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/packages/backend/src/server/FileServerService.ts b/packages/backend/src/server/FileServerService.ts index 41b6d2e83d..bf0a011699 100644 --- a/packages/backend/src/server/FileServerService.ts +++ b/packages/backend/src/server/FileServerService.ts @@ -319,6 +319,12 @@ export class FileServerService { ); } + if (!request.headers['user-agent']) { + throw new StatusError('User-Agent is required', 400, 'User-Agent is required'); + } else if (request.headers['user-agent'].toLowerCase().indexOf('misskey/') !== -1) { + throw new StatusError('Refusing to proxy a request from another proxy', 403, 'Proxy is recursive'); + } + // Create temp file const file = await this.getStreamAndTypeFromUrl(url); if (file === '404') { |