From 61ef803026bf0320489e7461fa4230e22399124b Mon Sep 17 00:00:00 2001
From: Eran Chetz
Date: Wed, 20 Jun 2018 12:54:12 +0300
Subject: [PATCH] fix XSS and potential SSRF
---
 imageproxy.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/imageproxy.go b/imageproxy.go
index b61f730..5edf9fd 100644
--- a/imageproxy.go
+++ b/imageproxy.go
@@ -330,8 +330,8 @@ func (t *TransformingTransport) RoundTrip(req *http.Request) (*http.Response, er
 img, err := Transform(b, opt)
 if err != nil {
- log.Printf("error transforming image %s: %v", u.String(), err)
- img = b
+ // probablyt not an image will not proxy
+ return nil, fmt.Errorf("error transforming image %s: %v", u.String(), err)
 }
 // replay response with transformed image and updated content length
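Review bot: The new `return nil, fmt.Errorf(...)` rejects a response only when `Transform` fails, so the fix relies on `Transform` actually decoding every body; if it hands its input back untouched when `opt` requests no transformation (its body is not in this hunk), non-image content would still be replayed to the client. An explicit check ahead of the `Transform` call would not depend on that, e.g. `if ct := http.DetectContentType(b); !strings.HasPrefix(ct, "image/") { return nil, fmt.Errorf("refusing to proxy %s: detected type %q", u.String(), ct) }`. The removed `log.Printf` was the only log of this failure visible here, so confirm the caller logs the returned error and does not echo `u.String()` back in a response a browser could render as HTML. The added comment has a typo and would read better as `// Transform failed, so b is probably not an image; refuse to proxy it.` RoundTrip starts and ends outside the hunk, so the other paths that return upstream bytes could not be checked from here.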