From 4c7ef1e027177f41305e95ca9999482126d5be1d Mon Sep 17 00:00:00 2001 From: Norm Date: Sat, 9 Nov 2024 18:24:53 -0500 Subject: [PATCH 1/4] Update supported OTP version to 27 in docs The minor incompatibility should have been fixed with commit bee10eab5ebf6aa4d50238afd3d9c37a014dd745 and PRs #839 and #841. --- docs/docs/installation/generic_dependencies.include | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/docs/installation/generic_dependencies.include b/docs/docs/installation/generic_dependencies.include index 87669bd23..8bf55237b 100644 --- a/docs/docs/installation/generic_dependencies.include +++ b/docs/docs/installation/generic_dependencies.include @@ -2,7 +2,7 @@ * PostgreSQL 12+ * Elixir 1.14+ (currently tested up to 1.16) -* Erlang OTP 25+ (currently tested up to OTP26) +* Erlang OTP 25+ (currently tested up to OTP27) * git * file / libmagic * gcc (clang might also work) From 416aebb76a6b8a307d844f25f8d962830ef0fdff Mon Sep 17 00:00:00 2001 From: Oneric Date: Tue, 19 Nov 2024 19:25:31 +0100 Subject: [PATCH 2/4] Fix NodeInfo content-type Fixes: https://akkoma.dev/AkkomaGang/akkoma/issues/852 --- lib/pleroma/web/nodeinfo/nodeinfo_controller.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex b/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex index ea2d86f92..9975b8dbb 100644 --- a/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex +++ b/lib/pleroma/web/nodeinfo/nodeinfo_controller.ex @@ -31,7 +31,7 @@ def nodeinfo(conn, %{"version" => version}) when version in ["2.0", "2.1"] do conn |> put_resp_header( "content-type", - "application/json; profile=http://nodeinfo.diaspora.software/ns/schema/2.0#; charset=utf-8" + "application/json; profile=\"http://nodeinfo.diaspora.software/ns/schema/#{version}#\"; charset=utf-8" ) |> json(Nodeinfo.get_nodeinfo(version)) end From 7632765b4365511bfde1797f4eb81cf5b45628d0 Mon Sep 17 00:00:00 2001 From: nopjmp Date: Sun, 15 Dec 2024 16:12:37 -0600 Subject: [PATCH 3/4] Only proxy HTTP and HTTP urls via Media Proxy We make an assumption that we are only proxying HTTP/HTTPS hosted media through the media proxy endpoint. Fixes: #859 --- lib/pleroma/web/media_proxy.ex | 6 ++++-- test/pleroma/web/media_proxy_test.exs | 4 ++++ 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/lib/pleroma/web/media_proxy.ex b/lib/pleroma/web/media_proxy.ex index 61b6f2a62..9e48dda74 100644 --- a/lib/pleroma/web/media_proxy.ex +++ b/lib/pleroma/web/media_proxy.ex @@ -52,11 +52,11 @@ def url(url) do @spec url_proxiable?(String.t()) :: boolean() def url_proxiable?(url) do - not local?(url) and not whitelisted?(url) and not blocked?(url) + not local?(url) and not whitelisted?(url) and not blocked?(url) and http_scheme?(url) end def preview_url(url, preview_params \\ []) do - if preview_enabled?() do + if preview_enabled?() and url_proxiable?(url) do encode_preview_url(url, preview_params) else url(url) @@ -71,6 +71,8 @@ def preview_enabled?, do: enabled?() and !!Config.get([:media_preview_proxy, :en def local?(url), do: String.starts_with?(url, Endpoint.url()) + def http_scheme?(url), do: String.starts_with?(url, ["http:", "https:"]) + def whitelisted?(url) do %{host: domain} = URI.parse(url) diff --git a/test/pleroma/web/media_proxy_test.exs b/test/pleroma/web/media_proxy_test.exs index bd5efe4c9..1a6e9a521 100644 --- a/test/pleroma/web/media_proxy_test.exs +++ b/test/pleroma/web/media_proxy_test.exs @@ -37,6 +37,10 @@ test "ignores local url" do assert MediaProxy.url(local_root) == local_root end + test "ignores data url" do + assert MediaProxy.url("data:image/png;base64,") == "data:image/png;base64," + end + test "encodes and decodes URL" do url = "https://pleroma.soykaf.com/static/logo.png" encoded = MediaProxy.url(url) From ff5d1973411b62dea0e54e71315c7479ff35f9cd Mon Sep 17 00:00:00 2001 From: nopjmp Date: Sun, 15 Dec 2024 17:36:24 -0600 Subject: [PATCH 4/4] Update CHANGELOG.md --- CHANGELOG.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 74a925a3f..86269583c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,11 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). +## UNRELEASED + +## Fixed +- Media proxy no longer attempts to proxy embedded images + ## 3.13.3 ## BREAKING