0
Fork 0
mirror of https://github.com/willnorris/imageproxy.git synced 2024-12-30 22:34:18 -05:00
Commit graph

33 commits

Author SHA1 Message Date
Jacopo
13bafdbf9e Add MaxRedirects option
Add `MaxRedirects` option to set maximum redirection-followings allowed.
The option is only valid when `FollowRedirects` is `true`.

Being able to limit the amount of redirections is helpful in order to
avoid possible loops of redirections or just too long round trips.
2021-12-10 09:25:11 -08:00
Will Norris
0f2deb14d2 remove behavior of copyHeaders to copy all headers
Previously, when no keys were specified, copyHeaders would copy all
headers from src to dst.  I believe this is a remnant of some old code,
as we don't actually ever use that behavior today.

I'm removing this as it seems too likely to accidentally pass along
headers that shouldn't be.  Instead, let's always be explicit about
which headers to copy (which is what we currently do anyway).
2021-11-05 08:33:21 -07:00
Will Norris
7ba3f124eb cleanup license headers and contributing docs
- switch to "project authors" style copyright.  Instead of an AUTHORS
  file (https://opensource.google/docs/releasing/authors/), I just list
  Google as a major copyright holder in the README.
- use SPDX style license headers in source files
- remove CLA requirement from contributing docs
2021-03-10 12:24:13 -08:00
Will Norris
84ae42bcde golangci: enable additional checks 2020-09-09 23:28:59 -07:00
Will Norris
fc79b851b2 fix go lint warnings
- handle errors where possible
- explicitly ignore errors where it makes sense to
- fix deprecations and unused var
2020-09-09 15:44:09 -07:00
Blake Stoddard
0da684b81e
Switch to Hostname() for checking whether a host is allowed or not (#238)
Using .Host allows you to get around an allowHosts or denyHosts entry by adding a port
2020-06-20 21:44:01 -07:00
Blake Stoddard
f91e9cb508
Allow allowing/blocks hosts by IP range (#236) 2020-06-19 17:30:49 -07:00
Mauro Ciancio
ef09c1ba31
add support for multiple signature keys (#209) 2020-02-01 17:03:59 -08:00
Will Norris
7eeacfca7a standardize copyright statements (Inc -> LLC) 2019-11-30 10:04:17 -08:00
Will Norris
a7a8966289 add miscellaneous tests
also fix minor bug in detecting content type for content less than 512
bytes.
2019-06-11 14:02:44 -07:00
Harrison Healey
d4246a08fd allow overriding the Logger used by Proxy 2019-04-22 16:49:45 -07:00
Will Norris
38d3bcc7fe allow request signatures to cover options
URL-only signatures are still accepted, though no longer recommended.

Fixes #145
2019-03-27 21:00:14 +00:00
Will Norris
0791f8ceec add more tests: mostly trivial checks 2019-03-22 08:46:34 +00:00
Will Norris
24a2dda8e0 add tests for denyHosts flag 2019-03-22 04:45:31 +00:00
Will Norris
2612fa4111 rename several validFoo method to fooMatches
this more accurately describes what the methods are actually doing:
verifying if the value matches, without making any judgement amount
validity.
2019-03-22 04:45:31 +00:00
Will Norris
5eab3024c6 rename RemoteHosts to AllowHosts
This is what I probably should have called this when I renamed it back
in 70276f36, since this makes it more obvious that it's a list of
allowed hosts.  Renaming now to make room for a `DenyHosts` variable as
part of #85.
2019-03-17 03:05:13 +00:00
Will Norris
70276f36bc rename 'Whitelist' to 'RemoteHosts"
This better describes what exactly is being allowed.
2018-09-15 05:55:02 +00:00
Will Norris
0370572130 change how content-type enforcement is handled
If no content types are specified, then accept all responses, regardless
of content type (this is the behavior imageproxy has historically had).
Change default value for the contentTypes flag to be "image/*", so that
the new default when running cmd/imageproxy is that only images will be
proxied.  The old default behavior can be achieved by passing an empty
string for the contentTypes flag:

    imageproxy -contentTypes ""

Do not send the "XCTO: nosniff" header, since all documentation that I
can find still says that it can cause problems when served with images.
If it's effectively a noop when an explicit content-type is specified in
the response, then this shouldn't actually matter for us either way.
But in the absence of certainty, I'd rather err on the side of following
the spec.

Also add documentation for the new functionality.

Fixes #141
2018-09-15 05:36:25 +00:00
Christopher Brown
39a4e1813d content-type checking 2018-09-15 04:00:34 +00:00
James Reggio
ebcfb52f3a Fix interpretation of Last-Modified and If-Modified-Since headers
If the dates in `Last-Modified` and `If-Modified-Since` are an exact
match, the server should 304.
2017-09-23 17:01:24 -07:00
Will Norris
a7a04ebe7b simplify copyHeader func
- take simple http.Header values as input, rather than http.Response
- allow multiple headers to be copied to be specified.  If no headers
  specified, then copy all.
2017-06-14 17:22:45 -04:00
Will Norris
c81621ae35 rename check304 to should304
this reads a little better in if blocks
2017-06-14 16:34:34 -04:00
Will Norris
49480c4693 add missing license headers on test files 2016-06-22 13:54:16 -07:00
Will Norris
551fc372a1 print raw bytes to http response in tests
this has actually always been failing to transform the image, but wasn't
being caught by our tests because we are currently only checking the
response code.
2015-12-14 11:15:03 -08:00
Will Norris
27d53782b4 update allowed func to return error instead of bool
this allows returning a more accurate error message, particularly in the
case of an invalid referer header
2015-12-14 10:18:14 -08:00
Will Norris
b4216d8da8 remove Proxy pointer from TransformingTransport
This pointer was only needed to pass along the scaleUp option.  In order
to prevent someone from specifying the scaleUp option on an individual
request against the owner's wishes, we didn't encode or decode that
field on the Options struct.  Instead, we stored the value on the Proxy
object and then set it on the Options struct inside the
TransformingTransport.  This worked, but I never really liked binding
those two together.

Instead, we now treat scaleUp as a normal Option field, encoding and
decoding it with all the others.  The primary difference is that the
initial value from the request URL will always be overwritten with
whatever is set in Proxy.ScaleUp.  This decouples the
TransformingTransport from the Proxy, but prevents the option from being
set in the request URL.

Modifies #37
2015-12-07 23:06:02 -08:00
Connor Peet
9213c93c94 Add ability to restrict http referrer 2015-08-15 10:36:07 -07:00
Rune Madsen
4e60c683b0 scaleup flag 2015-08-12 14:39:38 -04:00
Will Norris
a9efefc8e7 add request signature support to Proxy 2015-05-14 15:30:07 -07:00
Will Norris
9d6f8fdf7d refactor whitelist check in preparation for signature check 2015-05-14 15:30:06 -07:00
Will Norris
d74dd6e985 rename jpegQuality to defaultQuality
Also fix a few go vet errors
2015-02-12 14:21:26 -08:00
Will Norris
76faab6363 add lots more tests 2014-12-04 17:32:40 -08:00
Will Norris
5a4e602373 small cleanup of check304 and add more tests
Remove unused ResponseWriter parameter from check304, add function docs,
and add TODO for alternate Etag header values that we should handle.

Add tests for Proxy.allowed and check304.
2014-11-21 07:51:19 -08:00