summaryrefslogtreecommitdiff
path: root/packages/backend/src/server/proxy
diff options
context:
space:
mode:
Diffstat (limited to 'packages/backend/src/server/proxy')
-rw-r--r--packages/backend/src/server/proxy/proxy-media.ts3
1 files changed, 2 insertions, 1 deletions
diff --git a/packages/backend/src/server/proxy/proxy-media.ts b/packages/backend/src/server/proxy/proxy-media.ts
index 9e13c0877f..7d6652a97a 100644
--- a/packages/backend/src/server/proxy/proxy-media.ts
+++ b/packages/backend/src/server/proxy/proxy-media.ts
@@ -6,6 +6,7 @@ import { createTemp } from '@/misc/create-temp';
import { downloadUrl } from '@/misc/download-url';
import { detectType } from '@/misc/get-file-info';
import { StatusError } from '@/misc/fetch';
+import { FILE_TYPE_WHITELIST } from '@/const';
export async function proxyMedia(ctx: Koa.Context) {
const url = 'url' in ctx.query ? ctx.query.url : 'https://' + ctx.params.url;
@@ -18,7 +19,7 @@ export async function proxyMedia(ctx: Koa.Context) {
const { mime, ext } = await detectType(path);
- if (!mime.startsWith('image/')) throw 403;
+ if (!FILE_TYPE_WHITELIST.includes(mime)) throw 403;
let image: IImage;
generated by cgit v1.2.3-freya (git 2.53.0.84.g453e7b744a) at 2026-03-08 09:09:01 +0000