heartles
/
egirlskey
1
0
Fork 0
Code Issues 1 Pull Requests Packages Projects Releases Wiki Activity

fix(server): validate url from ap to improve security

This commit is contained in:
syuilo 2023-02-08 17:50:23 +09:00
parent 650187deaf
commit 0da0cc80b9
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
packages/backend/src/core/activitypub/models/ApImageService.ts
View File

@ -48,6 +48,10 @@ export class ApImageService {
throw new Error('invalid image: url not privided');
}
if (!image.url.startsWith('https://')) {
throw new Error('invalid image: unexpected shcema of url: ' + image.url);
}
this.logger.info(`Creating the Image: ${image.url}`);
const instance = await this.metaService.fetch();