diff options
author | Chris <ccbrown112@gmail.com> | 2018-02-09 15:41:06 -0600 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-02-09 15:41:06 -0600 |
commit | 396e7513ecc7d86b04e56745586c802e56e5d763 (patch) | |
tree | 4915a002e66ded7aefb6925caa15676ef1876097 /app | |
parent | a4e9499714999d58f26c712df02c014f1facccf7 (diff) | |
download | chat-396e7513ecc7d86b04e56745586c802e56e5d763.tar.gz chat-396e7513ecc7d86b04e56745586c802e56e5d763.tar.bz2 chat-396e7513ecc7d86b04e56745586c802e56e5d763.zip |
Don't proxy same-site image urls (#8238)
* don't proxy same-site urls
* fix empty site url case
Diffstat (limited to 'app')
-rw-r--r-- | app/post.go | 8 | ||||
-rw-r--r-- | app/post_test.go | 10 |
2 files changed, 16 insertions, 2 deletions
diff --git a/app/post.go b/app/post.go index 005624605..5b0e59b23 100644 --- a/app/post.go +++ b/app/post.go @@ -876,6 +876,10 @@ func (a *App) imageProxyConfig() (proxyType, proxyURL, options, siteURL string) proxyURL += "/" } + if siteURL == "" || siteURL[len(siteURL)-1] != '/' { + siteURL += "/" + } + if cfg.ServiceSettings.ImageProxyOptions != nil { options = *cfg.ServiceSettings.ImageProxyOptions } @@ -890,12 +894,12 @@ func (a *App) ImageProxyAdder() func(string) string { } return func(url string) string { - if url == "" || strings.HasPrefix(url, proxyURL) { + if url == "" || strings.HasPrefix(url, siteURL) || strings.HasPrefix(url, proxyURL) { return url } if url[0] == '/' { - url = siteURL + url + url = siteURL + url[1:] } switch proxyType { diff --git a/app/post_test.go b/app/post_test.go index 3f3783265..e09d3a198 100644 --- a/app/post_test.go +++ b/app/post_test.go @@ -190,6 +190,10 @@ func TestImageProxy(t *testing.T) { th := Setup().InitBasic() defer th.TearDown() + th.App.UpdateConfig(func(cfg *model.Config) { + *cfg.ServiceSettings.SiteURL = "http://mymattermost.com" + }) + for name, tc := range map[string]struct { ProxyType string ProxyURL string @@ -211,6 +215,12 @@ func TestImageProxy(t *testing.T) { ImageURL: "http://mydomain.com/myimage", ProxiedImageURL: "https://127.0.0.1/x1000/http://mydomain.com/myimage", }, + "willnorris/imageproxy_SameSite": { + ProxyType: "willnorris/imageproxy", + ProxyURL: "https://127.0.0.1", + ImageURL: "http://mymattermost.com/myimage", + ProxiedImageURL: "http://mymattermost.com/myimage", + }, "willnorris/imageproxy_EmptyImageURL": { ProxyType: "willnorris/imageproxy", ProxyURL: "https://127.0.0.1", |