fix XSS and potential SSRF

2025-01-27 23:04:32 -05:00 · 2018-06-20 12:54:12 +03:00 · 2018-06-20 12:54:12 +03:00 · 61ef803026
commit 61ef803026
parent 2ad861f4b0
1 changed files with 2 additions and 2 deletions
--- a/imageproxy.go
+++ b/imageproxy.go
@ -330,8 +330,8 @@ func (t *TransformingTransport) RoundTrip(req *http.Request) (*http.Response, er

 	img, err := Transform(b, opt)
 	if err != nil {
-		log.Printf("error transforming image %s: %v", u.String(), err)
-		img = b
+		// probablyt not an image will not proxy
+		return nil, fmt.Errorf("error transforming image %s: %v", u.String(), err)
 	}

 	// replay response with transformed image and updated content length