Infrastructure/imageproxy
0
Fork 0
mirror of https://github.com/willnorris/imageproxy.git synced 2025-01-20 22:53:00 -05:00
Code Issues Activity

Disallow anything with svg in the content-type header

Browse source
This commit is contained in:
Blake Stoddard 2020-11-13 16:35:44 -05:00
parent fc97bd1862
commit 6ed3117053
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
imageproxy.go
View file

@ -239,7 +239,7 @@ func (p *Proxy) serveImage(w http.ResponseWriter, r *http.Request) {
resp.Body = ioutil.NopCloser(b) resp.Body = ioutil.NopCloser(b)
contentType = peekContentType(b) contentType = peekContentType(b)
} }
if resp.ContentLength != 0 && !contentTypeMatches(p.ContentTypes, contentType) { if (resp.ContentLength != 0 && !contentTypeMatches(p.ContentTypes, contentType)) || strings.Contains(contentType, "svg") {
p.logf("content-type not allowed: %q", contentType) p.logf("content-type not allowed: %q", contentType)
http.Error(w, msgNotAllowed, http.StatusForbidden) http.Error(w, msgNotAllowed, http.StatusForbidden)
return return