Commit graph

28 commits

Author SHA1 Message Date
11ae8344eb Sanitise Content-Type of media proxy URLs
Just as with uploads and emoji before, this can otherwise be used
to place counterfeit AP objects or other malicious payloads.
In this case, even if we never assign a priviliged type to content,
the remote server can and until now we just mimcked whatever it told us.

Preview URLs already handle only specific, safe content types
and redirect to the external host for all else; thus no additional
sanitisiation is needed for them.

Non-previews are all delegated to the modified ReverseProxy module.
It already has consolidated logic for building response headers
making it easy to slip in sanitisation.

Although proxy urls are prefixed by a MAC built from a server secret,
attackers can still achieve a perfect id match when they are able to
change the contents of the pointed to URL. After sending an posts
containing an attachment at a controlled destination, the proxy URL can
be read back and inserted into the payload. After injection of
counterfeits in the target server the content can again be changed
to something innocuous lessening chance of detection.
2024-03-18 22:33:10 -01:00
36f4f18aa5
Add more image mimetypes to reverse proxy
Add JPEG-XL, AVIF, and WebP support to the reverse proxy. All three are
supported in WebKit browsers; the latter two are supported in Gecko and
Blink.
2023-11-01 17:47:52 -07:00
9d83a1e23f Add csp 2023-05-26 11:41:22 +01:00
405406601f Fix emoji qualification (#124)
Reviewed-on: AkkomaGang/akkoma#124
2022-07-28 12:02:36 +00:00
364b6969eb Use finch everywhere (#33)
Reviewed-on: AkkomaGang/akkoma#33
2022-07-04 16:30:38 +00:00
Alex Gleason
1c3fe43d23
ReverseProxy: create Client.Wrapper to call client from config
Speeds up recompilation by reducing compile-time cycles
2021-06-04 21:12:24 -05:00
Alex Gleason
1dc5794e29 Never forward the client's user-agent through the media proxy 2021-03-01 21:05:46 +01:00
Haelwenn (lanodan) Monnier
c4439c630f
Bump Copyright to 2021
grep -rl '# Copyright © .* Pleroma' * | xargs sed -i 's;Copyright © .* Pleroma .*;Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>;'
2021-01-13 07:49:50 +01:00
lain
713612c377 Cachex: Make caching provider switchable at runtime.
Defaults to Cachex.
2020-12-18 17:44:46 +01:00
Alexander Strizhakov
0374df1d12
other files consistency 2020-10-13 16:38:19 +03:00
Alexander Strizhakov
4e6e5d8042 reverse proxy tests 2019-07-09 16:54:13 +00:00
Alexander Strizhakov
c2ca1f22a2 it is changed in compile time
we can't change module attributes and endpoint settings in runtime
2019-06-14 15:45:05 +00:00
William Pitcock
52e09807d4 reverse proxy: clean up some @hackney leftovers 2019-06-02 09:09:58 +00:00
Egor Kislitsyn
99f70c7e20 Use Pleroma.Config everywhere 2019-05-30 15:33:58 +07:00
William Pitcock
9bec891eb4 kill @httpoison 2019-05-25 04:24:21 +00:00
rinpatch
d02f1120f9 Content-Disposition regex improvements 2019-03-15 08:29:51 +03:00
rinpatch
958227d556 MediaProxy: parse filename from content-disposition for non-whitelisted types 2019-03-15 01:36:29 +03:00
Haelwenn (lanodan) Monnier
c42d34b2ec
[Credo] fix Credo.Check.Readability.MaxLineLength 2019-03-13 04:26:56 +01:00
href
99763999c1
reverse_proxy - always override plug's cache-control 2019-01-21 15:17:24 +01:00
William Pitcock
980b5288ed update copyright years to 2019 2018-12-31 15:41:47 +00:00
William Pitcock
2791ce9a1f add license boilerplate to pleroma core 2018-12-23 20:56:42 +00:00
Maksim Pechnikov
074fa790ba fix compile warnings 2018-12-09 20:50:08 +03:00
Hakaba Hitoyo
96ba95df2e remove follow_redirect options 2018-12-06 11:38:33 +09:00
href
8e0e20631c
Reverse proxy: default max read duration at 30 secs. 2018-11-30 19:12:03 +01:00
href
02d3dc6869
Uploads fun, part. 2 2018-11-30 18:02:37 +01:00
href
97b00d366f
reverse_proxy: more headers 2018-11-30 18:00:57 +01:00
href
a2640c8088
Parse correctly content-type & do not forward content-length 2018-11-30 18:00:57 +01:00
href
b19597f602
reverse proxy / uploads 2018-11-30 18:00:47 +01:00