Disallow anything with svg in the content-type header

2024-12-30 22:34:18 -05:00 · 2020-11-13 16:35:44 -05:00 · 2020-11-13 16:35:44 -05:00 · 6ed3117053
commit 6ed3117053
parent fc97bd1862
1 changed files with 1 additions and 1 deletions
--- a/imageproxy.go
+++ b/imageproxy.go
@ -239,7 +239,7 @@ func (p *Proxy) serveImage(w http.ResponseWriter, r *http.Request) {
 		resp.Body = ioutil.NopCloser(b)
 		contentType = peekContentType(b)
 	}
-	if resp.ContentLength != 0 && !contentTypeMatches(p.ContentTypes, contentType) {
+	if (resp.ContentLength != 0 && !contentTypeMatches(p.ContentTypes, contentType)) || strings.Contains(contentType, "svg") {
 		p.logf("content-type not allowed: %q", contentType)
 		http.Error(w, msgNotAllowed, http.StatusForbidden)
 		return