Revert "revert d53795184"

This reverts commit aedbab17cc400ae7ac17498463504f40646e8673.
author: syuilo <Syuilotan@yahoo.co.jp> 2022-01-01 22:25:30 +0900
committer: syuilo <Syuilotan@yahoo.co.jp> 2022-01-01 22:25:30 +0900
commit: 57d994db0cc827cecb369e09e1f44e611c6adae8 (patch)
tree: c771ddb3ad3e5266aeb61910b6a69787b4821596 /packages/backend/src/server/proxy
parent: wip (#8101) (diff)
download: misskey-57d994db0cc827cecb369e09e1f44e611c6adae8.tar.gz
misskey-57d994db0cc827cecb369e09e1f44e611c6adae8.tar.bz2
misskey-57d994db0cc827cecb369e09e1f44e611c6adae8.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/packages/backend/src/server/proxy/proxy-media.ts b/packages/backend/src/server/proxy/proxy-media.ts
index 9e13c0877f..b116b4b961 100644
--- a/packages/backend/src/server/proxy/proxy-media.ts
+++ b/packages/backend/src/server/proxy/proxy-media.ts
@@ -6,6 +6,7 @@ import { createTemp } from '@/misc/create-temp';
 import { downloadUrl } from '@/misc/download-url';
 import { detectType } from '@/misc/get-file-info';
 import { StatusError } from '@/misc/fetch';
+import { FILE_TYPE_BROWSERSAFE } from '@/const';
 
 export async function proxyMedia(ctx: Koa.Context) {
 	const url = 'url' in ctx.query ? ctx.query.url : 'https://' + ctx.params.url;
@@ -18,7 +19,7 @@ export async function proxyMedia(ctx: Koa.Context) {
 
 		const { mime, ext } = await detectType(path);
 
-		if (!mime.startsWith('image/')) throw 403;
+		if (!FILE_TYPE_BROWSERSAFE.includes(mime)) throw 403;
 
 		let image: IImage;
author	syuilo <Syuilotan@yahoo.co.jp>	2022-01-01 22:25:30 +0900
committer	syuilo <Syuilotan@yahoo.co.jp>	2022-01-01 22:25:30 +0900
commit	57d994db0cc827cecb369e09e1f44e611c6adae8 (patch)
tree	c771ddb3ad3e5266aeb61910b6a69787b4821596 /packages/backend/src/server/proxy
parent	wip (#8101) (diff)
download	misskey-57d994db0cc827cecb369e09e1f44e611c6adae8.tar.gz misskey-57d994db0cc827cecb369e09e1f44e611c6adae8.tar.bz2 misskey-57d994db0cc827cecb369e09e1f44e611c6adae8.zip