yume/yumechi-no-kuni
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix(backend): Nested proxy requestsを検出した際にブロックするように

Browse source 
This reverts commit 086532218e.

[ghsa-gq5q-c77c-v236](https://github.com/misskey-dev/misskey/security/advisories/ghsa-gq5q-c77c-v236)

Signed-off-by: eternal-flame-AD <yume@yumechi.jp>
This commit is contained in:
ゆめ 2024-10-19 18:09:32 -05:00
parent acba0bb54c
commit 9a75e2f53b
No known key found for this signature in database
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
packages/backend/src/server/FileServerService.ts
View file

@ -325,8 +325,8 @@ export class FileServerService {
if (!request.headers['user-agent']) { if (!request.headers['user-agent']) {
throw new StatusError('User-Agent is required', 400, 'User-Agent is required'); throw new StatusError('User-Agent is required', 400, 'User-Agent is required');
} else if (request.headers['user-agent'].includes(this.config.userAgent)) { } else if (request.headers['user-agent'].toLowerCase().indexOf('misskey/') !== -1) {
throw new StatusError('Proxy is recursive', 400, 'Proxy is recursive'); throw new StatusError('Refusing to proxy a request from another proxy', 403, 'Proxy is recursive');
} }
// Create temp file // Create temp file