AkkomaGang/akkoma
AkkomaGang/akkoma
13
63
Fork 84
Code Issues 163 Pull requests 18 Packages Projects 2 Releases 14 Wiki Activity
15539 commits 27 branches 107 tags 320 MiB
Commit graph

28 commits

Author SHA1 Message Date
Oneric 11ae8344eb Sanitise Content-Type of media proxy URLs 
Just as with uploads and emoji before, this can otherwise be used
to place counterfeit AP objects or other malicious payloads.
In this case, even if we never assign a priviliged type to content,
the remote server can and until now we just mimcked whatever it told us.

Preview URLs already handle only specific, safe content types
and redirect to the external host for all else; thus no additional
sanitisiation is needed for them.

Non-previews are all delegated to the modified ReverseProxy module.
It already has consolidated logic for building response headers
making it easy to slip in sanitisation.

Although proxy urls are prefixed by a MAC built from a server secret,
attackers can still achieve a perfect id match when they are able to
change the contents of the pointed to URL. After sending an posts
containing an attachment at a controlled destination, the proxy URL can
be read back and inserted into the payload. After injection of
counterfeits in the target server the content can again be changed
to something innocuous lessening chance of detection.
 2024-03-18 22:33:10 -01:00
Rohan Kumar 36f4f18aa5
Add more image mimetypes to reverse proxy
Some checks failed
ci/woodpecker/pr/lint Pipeline was successful
Details
ci/woodpecker/pr/test Pipeline was successful
Details
ci/woodpecker/pr/build-arm64 unknown status
Details
ci/woodpecker/pr/build-amd64 unknown status
Details
ci/woodpecker/pr/docs unknown status
Details 
Add JPEG-XL, AVIF, and WebP support to the reverse proxy. All three are
supported in WebKit browsers; the latter two are supported in Gecko and
Blink.
 2023-11-01 17:47:52 -07:00
FloatingGhost 9d83a1e23f Add csp
Some checks are pending
ci/woodpecker/push/woodpecker Pipeline is pending
Details
2023-05-26 11:41:22 +01:00
floatingghost 405406601f Fix emoji qualification (#124)
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
Details 
Reviewed-on: #124
 2022-07-28 12:02:36 +00:00
floatingghost 364b6969eb Use finch everywhere (#33)
Some checks failed
ci/woodpecker/push/lint Pipeline failed
Details
ci/woodpecker/push/test unknown status
Details
ci/woodpecker/push/release Pipeline was successful
Details 
Reviewed-on: #33
 2022-07-04 16:30:38 +00:00
Alex Gleason 1c3fe43d23
ReverseProxy: create Client.Wrapper to call client from config 
Speeds up recompilation by reducing compile-time cycles
 2021-06-04 21:12:24 -05:00
Alex Gleason 1dc5794e29 Never forward the client's user-agent through the media proxy 2021-03-01 21:05:46 +01:00
Haelwenn (lanodan) Monnier c4439c630f
Bump Copyright to 2021 
grep -rl '# Copyright © .* Pleroma' * | xargs sed -i 's;Copyright © .* Pleroma .*;Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>;'
 2021-01-13 07:49:50 +01:00
lain 713612c377 Cachex: Make caching provider switchable at runtime. 
Defaults to Cachex.
 2020-12-18 17:44:46 +01:00
Alexander Strizhakov 0374df1d12
other files consistency 2020-10-13 16:38:19 +03:00
Alexander Strizhakov 4e6e5d8042 reverse proxy tests 2019-07-09 16:54:13 +00:00
Alexander Strizhakov c2ca1f22a2 it is changed in compile time 
we can't change module attributes and endpoint settings in runtime
 2019-06-14 15:45:05 +00:00
William Pitcock 52e09807d4 reverse proxy: clean up some @hackney leftovers 2019-06-02 09:09:58 +00:00
Egor Kislitsyn 99f70c7e20 Use Pleroma.Config everywhere 2019-05-30 15:33:58 +07:00
William Pitcock 9bec891eb4 kill @httpoison 2019-05-25 04:24:21 +00:00
rinpatch d02f1120f9 Content-Disposition regex improvements 2019-03-15 08:29:51 +03:00
rinpatch 958227d556 MediaProxy: parse filename from content-disposition for non-whitelisted types 2019-03-15 01:36:29 +03:00
Haelwenn (lanodan) Monnier c42d34b2ec
[Credo] fix Credo.Check.Readability.MaxLineLength 2019-03-13 04:26:56 +01:00
href 99763999c1
reverse_proxy - always override plug's cache-control 2019-01-21 15:17:24 +01:00
William Pitcock 980b5288ed update copyright years to 2019 2018-12-31 15:41:47 +00:00
William Pitcock 2791ce9a1f add license boilerplate to pleroma core 2018-12-23 20:56:42 +00:00
Maksim Pechnikov 074fa790ba fix compile warnings 2018-12-09 20:50:08 +03:00
Hakaba Hitoyo 96ba95df2e remove follow_redirect options 2018-12-06 11:38:33 +09:00
href 8e0e20631c
Reverse proxy: default max read duration at 30 secs. 2018-11-30 19:12:03 +01:00
href 02d3dc6869
Uploads fun, part. 2 2018-11-30 18:02:37 +01:00
href 97b00d366f
reverse_proxy: more headers 2018-11-30 18:00:57 +01:00
href a2640c8088
Parse correctly content-type & do not forward content-length 2018-11-30 18:00:57 +01:00
href b19597f602
reverse proxy / uploads 2018-11-30 18:00:47 +01:00