kaslo/pawkey-sk
1
0
Fork 0
mirror of https://git.boykissers.com/pawkey/pawkey-sk.git synced 2025-12-20 12:14:18 +00:00
Code Packages Activity

fix(server): validate url from ap to improve security

Browse Source
This commit is contained in:
syuilo
2023-02-08 17:50:23 +09:00
parent 650187deaf
commit 0da0cc80b9
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
packages/backend/src/core/activitypub/models/ApImageService.ts
View File

@@ -48,6 +48,10 @@ export class ApImageService {
throw new Error('invalid image: url not privided'); throw new Error('invalid image: url not privided');
} }
if (!image.url.startsWith('https://')) {
throw new Error('invalid image: unexpected shcema of url: ' + image.url);
}
this.logger.info(`Creating the Image: ${image.url}`); this.logger.info(`Creating the Image: ${image.url}`);
const instance = await this.metaService.fetch(); const instance = await this.metaService.fetch();