fix

https://github.com/misskey-dev/misskey/commit/d53795184cd0ee326b0da58b267e3460f948703c#r62707827
author: syuilo <Syuilotan@yahoo.co.jp> 2022-01-01 22:28:02 +0900
committer: syuilo <Syuilotan@yahoo.co.jp> 2022-01-01 22:28:02 +0900
commit: 158dd49b3d9a4162520da824a01f8993548375ca (patch)
tree: ccbb7fec1ade745e88851c190b034a07b19b721e /packages/backend/src/server/proxy
parent: Revert "revert d53795184" (diff)
download: misskey-158dd49b3d9a4162520da824a01f8993548375ca.tar.gz
misskey-158dd49b3d9a4162520da824a01f8993548375ca.tar.bz2
misskey-158dd49b3d9a4162520da824a01f8993548375ca.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/packages/backend/src/server/proxy/proxy-media.ts b/packages/backend/src/server/proxy/proxy-media.ts
index b116b4b961..aba08bb805 100644
--- a/packages/backend/src/server/proxy/proxy-media.ts
+++ b/packages/backend/src/server/proxy/proxy-media.ts
@@ -19,6 +19,7 @@ export async function proxyMedia(ctx: Koa.Context) {
 
 		const { mime, ext } = await detectType(path);
 
+		if (!mime.startsWith('image/')) throw 403;
 		if (!FILE_TYPE_BROWSERSAFE.includes(mime)) throw 403;
 
 		let image: IImage;
author	syuilo <Syuilotan@yahoo.co.jp>	2022-01-01 22:28:02 +0900
committer	syuilo <Syuilotan@yahoo.co.jp>	2022-01-01 22:28:02 +0900
commit	158dd49b3d9a4162520da824a01f8993548375ca (patch)
tree	ccbb7fec1ade745e88851c190b034a07b19b721e /packages/backend/src/server/proxy
parent	Revert "revert d53795184" (diff)
download	misskey-158dd49b3d9a4162520da824a01f8993548375ca.tar.gz misskey-158dd49b3d9a4162520da824a01f8993548375ca.tar.bz2 misskey-158dd49b3d9a4162520da824a01f8993548375ca.zip