Validate Host header matches expected value before allowing access to MediaProxy

This commit is contained in:
Mark Felder 2023-05-29 13:59:51 -04:00
parent 506a1c98e7
commit 843fcca5b4
2 changed files with 29 additions and 0 deletions

View file

@ -12,6 +12,7 @@ defmodule Pleroma.Web.MediaProxy.MediaProxyController do
alias Pleroma.Web.MediaProxy
alias Plug.Conn
plug(:validate_host)
plug(:sandbox)
def remote(conn, %{"sig" => sig64, "url" => url64}) do
@ -205,6 +206,17 @@ defmodule Pleroma.Web.MediaProxy.MediaProxyController do
Config.get([:media_proxy, :proxy_opts], [])
end
defp validate_host(conn, _params) do
proxy_host = MediaProxy.base_url() |> URI.parse() |> Map.get(:host)
if match?(^proxy_host, conn.host) do
conn
else
send_resp(conn, 400, Conn.Status.reason_phrase(400))
|> halt()
end
end
defp sandbox(conn, _params) do
conn
|> merge_resp_headers([{"content-security-policy", "sandbox;"}])

View file

@ -54,6 +54,23 @@ defmodule Pleroma.Web.MediaProxy.MediaProxyControllerTest do
} = get(conn, "/proxy/hhgfh/eeee/fff")
end
test "it returns a 400 for invalid host", %{conn: conn} do
clear_config([:media_proxy, :base_url], "http://mp.localhost/")
url =
MediaProxy.encode_url("https://pleroma.social/logo.jpeg")
|> URI.parse()
|> Map.put(:host, "wronghost")
|> URI.to_string()
with_mock Pleroma.ReverseProxy,
call: fn _conn, _url, _opts -> %Conn{status: :success} end do
%{status: status} = get(conn, url)
assert status == 400
end
end
test "redirects to valid url when filename is invalidated", %{conn: conn, url: url} do
invalid_url = String.replace(url, "test.png", "test-file.png")
response = get(conn, invalid_url)