0
Fork 0
mirror of https://github.com/willnorris/imageproxy.git synced 2024-12-16 21:56:43 -05:00
Commit graph

93 commits

Author SHA1 Message Date
Will Norris
2008a17f5e don't require redirect URLs to match AllowHosts
When following redirects, ensure that the final URL is not in the
configured DenyHosts list, but do not further enforce presence in the
AllowHosts list.

This was initially added in #237, and the original use case was about
protecting against redirects being used to bypass denied hosts. They
were using URL signatures and deny lists (for localhost, etc), but not
allow lists. So really, checking against the deny list is all that was
needed in that case.

This came up recently for me as I was trying to proxy images on a remote
host that redirects to Amazon S3. Even though the original URL was
signed, the redirect was being denied because s3-us-west-2.amazonaws.com
isn't on of my allowed host. But I don't want to allow all of S3, just
the signed URLs.
2023-05-12 12:27:40 -07:00
Will Norris
5ffd8db241 all: remove deprecated use of io/ioutil 2023-01-31 20:32:45 -08:00
Will Norris
a81add5d96 lint: improve error handling 2022-02-16 11:15:36 -08:00
Jacopo
13bafdbf9e Add MaxRedirects option
Add `MaxRedirects` option to set maximum redirection-followings allowed.
The option is only valid when `FollowRedirects` is `true`.

Being able to limit the amount of redirections is helpful in order to
avoid possible loops of redirections or just too long round trips.
2021-12-10 09:25:11 -08:00
Will Norris
a4d659dafd style: remove unnecessary type declaration 2021-11-05 08:33:21 -07:00
Will Norris
0f2deb14d2 remove behavior of copyHeaders to copy all headers
Previously, when no keys were specified, copyHeaders would copy all
headers from src to dst.  I believe this is a remnant of some old code,
as we don't actually ever use that behavior today.

I'm removing this as it seems too likely to accidentally pass along
headers that shouldn't be.  Instead, let's always be explicit about
which headers to copy (which is what we currently do anyway).
2021-11-05 08:33:21 -07:00
Geras Ghulyan
d94e5610d6 Add support for passing headers to remote server
Add a new passRequestHeaders field to Proxy that identifies headers to
pass from inbound request to remote servers.  Also add associated flag
to imageproxy CLI.

This is initially added to support remote servers that require an
authorization token.

Fixes #321
2021-11-05 08:32:59 -07:00
Will Norris
7ba3f124eb cleanup license headers and contributing docs
- switch to "project authors" style copyright.  Instead of an AUTHORS
  file (https://opensource.google/docs/releasing/authors/), I just list
  Google as a major copyright holder in the README.
- use SPDX style license headers in source files
- remove CLA requirement from contributing docs
2021-03-10 12:24:13 -08:00
Will Norris
3999c5bd80 run goimports 2021-01-24 13:44:39 -08:00
Yassine ABOUKIR
2203979b9c Add X-XSS-Protection HTTP response header to block potential XSS 2021-01-24 12:18:42 -08:00
Blake Stoddard
c08b3c505a Disable browser MIME confusion attacks via content-type sniffing 2020-10-16 07:11:59 -07:00
Blake Stoddard
c6206ea30c Set a strict Content-Security-Policy 2020-10-16 07:11:59 -07:00
Blake Stoddard
fd43ff2198
Support proxying images with no provided intermediate cert (#241)
Replace http.DefaultTransport with aia-transport-go to properly handle missing intermediate certs
2020-09-10 01:52:43 -07:00
Blake Stoddard
52f4360543
Add option to disable following redirects (#237)
When redirects are followed, ensure that they are still allowed per AllowHosts/DenyHosts
2020-09-10 01:40:59 -07:00
Will Norris
84ae42bcde golangci: enable additional checks 2020-09-09 23:28:59 -07:00
Will Norris
fc79b851b2 fix go lint warnings
- handle errors where possible
- explicitly ignore errors where it makes sense to
- fix deprecations and unused var
2020-09-09 15:44:09 -07:00
Blake Stoddard
0da684b81e
Switch to Hostname() for checking whether a host is allowed or not (#238)
Using .Host allows you to get around an allowHosts or denyHosts entry by adding a port
2020-06-20 21:44:01 -07:00
Blake Stoddard
f91e9cb508
Allow allowing/blocks hosts by IP range (#236) 2020-06-19 17:30:49 -07:00
Will Norris
7f91379373 rename prometheus metrics and vars
Make names a little more consistent and align with naming docs at
https://prometheus.io/docs/practices/naming/
2020-02-24 08:27:30 -08:00
Will Norris
4e97a7ea8f make 'cached' a bool 2020-02-24 08:27:30 -08:00
Ben Haan
8484518c93 add basic prometheus support
Fixes #121
2020-02-24 08:27:30 -08:00
Will Norris
8c28dca762 include referer header in remote requests
this is an optional feature which is disabled by default, since it is
only needed in a few select cases and risks accidentally exposing
internal URLs.

Fixes #216
2020-02-21 08:24:23 +00:00
Mauro Ciancio
ef09c1ba31
add support for multiple signature keys (#209) 2020-02-01 17:03:59 -08:00
Will Norris
7eeacfca7a standardize copyright statements (Inc -> LLC) 2019-11-30 10:04:17 -08:00
Will Norris
d99be34251 use path package for matching content type
content type always uses forward slash, so path is the right package to
use.

fixes #191
2019-11-01 18:57:14 -07:00
Shahan Khan
ea95ad93a1 Support for better content type detection with images on S3 2019-10-12 08:20:52 -07:00
Will Norris
a7a8966289 add miscellaneous tests
also fix minor bug in detecting content type for content less than 512
bytes.
2019-06-11 14:02:44 -07:00
Harrison Healey
d4246a08fd allow overriding the Logger used by Proxy 2019-04-22 16:49:45 -07:00
Will Norris
38d3bcc7fe allow request signatures to cover options
URL-only signatures are still accepted, though no longer recommended.

Fixes #145
2019-03-27 21:00:14 +00:00
Will Norris
cf54b2cf2c detect content type if response header is missing
Some misconfigured servers will fail to properly set the content-type in
the response header.  In those cases, detect the content-type from the
response body.

Refs #132
2019-03-26 22:50:38 +00:00
Will Norris
6aca1e0b20 set Accept header on requests if contentTypes set
If the imageproxy instance is configured to only accept certain content
types (which defaults to "image/*"), set that as the accept header on
outbound requests.

Also log more information about the outbound request when the `Verbose`
option is set, so the request headers can be seen in the logs.

Fixes #165
Refs #132
2019-03-24 18:14:28 +00:00
Will Norris
4a6b8653b6 fix minor go fmt and go vet issues 2019-03-22 08:05:59 +00:00
Will Norris
a5297ae319 remove deprecated whitelist flag and struct field 2019-03-22 07:36:41 +00:00
Will Norris
7e19b5ca6b remove specific denial error from response
the specific denial error message reveals more about the imageproxy
configuration than it should, such as what hosts are denied.  Instead,
log the full error, but return a generic message that the requested URL
is not allowed.
2019-03-22 04:45:31 +00:00
Will Norris
2612fa4111 rename several validFoo method to fooMatches
this more accurately describes what the methods are actually doing:
verifying if the value matches, without making any judgement amount
validity.
2019-03-22 04:45:31 +00:00
yvind Ngai Johnsen
7264d177a1 Add denyHosts flag to deny URLs for certain hosts
For example, when running in a Docker swarm cluster we dont want it to
have access to our internal services available under *.weave.local

Closes #85
2019-03-22 04:44:08 +00:00
Will Norris
5eab3024c6 rename RemoteHosts to AllowHosts
This is what I probably should have called this when I renamed it back
in 70276f36, since this makes it more obvious that it's a list of
allowed hosts.  Renaming now to make room for a `DenyHosts` variable as
part of #85.
2019-03-17 03:05:13 +00:00
Will Norris
4acc0b24ce save and restore original url fragment 2019-03-17 02:51:55 +00:00
Hugues Alary
3444fd9cb4 allow custom User-Agent when fetching remote image
Closes #83
2019-03-17 01:24:41 +00:00
Will Norris
a903995ee7 empty ContentTypes allows all types 2018-10-02 16:14:14 +00:00
Will Norris
70276f36bc rename 'Whitelist' to 'RemoteHosts"
This better describes what exactly is being allowed.
2018-09-15 05:55:02 +00:00
Will Norris
0370572130 change how content-type enforcement is handled
If no content types are specified, then accept all responses, regardless
of content type (this is the behavior imageproxy has historically had).
Change default value for the contentTypes flag to be "image/*", so that
the new default when running cmd/imageproxy is that only images will be
proxied.  The old default behavior can be achieved by passing an empty
string for the contentTypes flag:

    imageproxy -contentTypes ""

Do not send the "XCTO: nosniff" header, since all documentation that I
can find still says that it can cause problems when served with images.
If it's effectively a noop when an explicit content-type is specified in
the response, then this shouldn't actually matter for us either way.
But in the absence of certainty, I'd rather err on the side of following
the spec.

Also add documentation for the new functionality.

Fixes #141
2018-09-15 05:36:25 +00:00
Christopher Brown
39a4e1813d content-type checking 2018-09-15 04:00:34 +00:00
Wilrik
74c16f575e fixed tcp_mem resource leak when sending 304 2018-07-06 08:14:09 -07:00
Dao Hoang Son
8fc9d8876c Include image URL in transform error log message 2018-05-20 08:32:16 -07:00
James Reggio
ebcfb52f3a Fix interpretation of Last-Modified and If-Modified-Since headers
If the dates in `Last-Modified` and `If-Modified-Since` are an exact
match, the server should 304.
2017-09-23 17:01:24 -07:00
Will Norris
7338ef68ef switch from glog to standard log library
add "-verbose" flag for more logging.

fixes #105
2017-09-12 05:14:46 +00:00
Will Norris
5ee7e282cf return a 200 OK for requests to root /
This has come up a couple of times, such as in #95.  As discussed there,
I'm not completely sure this is actually necessary in many cases, but
it's certainly not harmful and if it makes health checks easier to setup
than why not?
2017-09-09 08:31:22 +00:00
Michael Carey
c1a9dab401 Support TIFF images. 2017-08-31 13:04:10 -07:00
Romanos
50f6f640b2 Enable CORS for 3rd party applications 2017-06-20 08:24:55 -07:00