Update loop detection to reflect latest information

Signed-off-by: eternal-flame-AD <yume@yumechi.jp>
2024-12-21 10:55:29 -06:00 · 2024-12-21 10:55:29 -06:00 · e96a8511b3
commit e96a8511b3
parent aff0fec58f
1 changed files with 13 additions and 4 deletions
--- a/src/fetch/mod.rs
+++ b/src/fetch/mod.rs
@ -69,10 +69,19 @@ impl IncomingInfo {
            return true;
        }

-        // defense against upstream
-        if self.user_agent.contains("Misskey/") || 
-        // Purposefully typoed
-        // https://raw.githubusercontent.com/backrunner/misskey-media-proxy-worker/refs/heads/main/wrangler.toml
+        // defense against known looping user agents
+        //
+        // we do not consider whether there is a Via header or not because
+        // many legitimate CDNs and reverse proxies add their own Via before reaching us
+        // and that does not mean when the request is sent back to them the loop will be detected
+        // and next time it hit us again we will have no idea it's looping since the Via is stripped again
+        if self.user_agent.contains("Misskey/") {
+            return true;
+        }
+
+        // proxies that are once vulnerable but now fixed
+        if !self.via.contains("misskey-media-proxy-worker") &&
+        // Purposefully typoed to match the vulnerable version
        self.user_agent.contains("Edg/119.0.2109.1")
        {
            return true;