self-hosted/imgproxy
1
0
Fork 0
mirror of https://github.com/imgproxy/imgproxy.git synced 2025-12-07 23:32:55 +02:00
Code Issues Releases Activity

Prohibit connecting to loopback, link-local multicast, and link-local unicast IP addresses by default

Browse Source
This commit is contained in:
DarthSim
2023-03-22 20:25:51 +03:00
parent 24f4d43a0f
commit 1a9768a2c6
8 changed files with 110 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
processing_handler.go
View File

@@ -233,13 +233,8 @@ func handleProcessing(reqID string, rw http.ResponseWriter, r *http.Request) {
po, imageURL, err := options.ParsePath(path, r.Header)
checkErr(ctx, "path_parsing", err)
if !security.VerifySourceURL(imageURL) {
sendErrAndPanic(ctx, "security", ierrors.New(
404,
fmt.Sprintf("Source URL is not allowed: %s", imageURL),
"Invalid source",
))
}
err = security.VerifySourceURL(imageURL)
checkErr(ctx, "security", err)
if po.Raw {
streamOriginImage(ctx, reqID, r, rw, po, imageURL)