Merge branch 'revert-mediaproxy-host-validation' into 'develop'

Revert MediaProxy Host header validation

See merge request pleroma/pleroma!3902
This commit is contained in:
feld 2023-06-11 11:10:51 +00:00
commit 75900f21f0
5 changed files with 2 additions and 59 deletions

View File

@ -1 +1 @@
Validate Host header for MediaProxy and Uploads and return a 302 if the base_url has changed Validate Host header for Uploads and return a 302 if the base_url has changed

0
changelog.d/3902.skip Normal file
View File

View File

@ -12,7 +12,6 @@ defmodule Pleroma.Web.MediaProxy.MediaProxyController do
alias Pleroma.Web.MediaProxy alias Pleroma.Web.MediaProxy
alias Plug.Conn alias Plug.Conn
plug(:validate_host)
plug(:sandbox) plug(:sandbox)
def remote(conn, %{"sig" => sig64, "url" => url64}) do def remote(conn, %{"sig" => sig64, "url" => url64}) do
@ -206,30 +205,6 @@ defp media_proxy_opts do
Config.get([:media_proxy, :proxy_opts], []) Config.get([:media_proxy, :proxy_opts], [])
end end
defp validate_host(conn, _params) do
%{scheme: proxy_scheme, host: proxy_host, port: proxy_port} =
MediaProxy.base_url() |> URI.parse()
if match?(^proxy_host, conn.host) do
conn
else
redirect_url =
%URI{
scheme: proxy_scheme,
host: proxy_host,
port: proxy_port,
path: conn.request_path,
query: conn.query_string
}
|> URI.to_string()
|> String.trim_trailing("?")
conn
|> Phoenix.Controller.redirect(external: redirect_url)
|> halt()
end
end
defp sandbox(conn, _params) do defp sandbox(conn, _params) do
conn conn
|> merge_resp_headers([{"content-security-policy", "sandbox;"}]) |> merge_resp_headers([{"content-security-policy", "sandbox;"}])

View File

@ -54,35 +54,6 @@ test "it returns 403 for invalid signature", %{conn: conn, url: url} do
} = get(conn, "/proxy/hhgfh/eeee/fff") } = get(conn, "/proxy/hhgfh/eeee/fff")
end end
test "it returns a 302 for invalid host", %{conn: conn} do
new_proxy_base = "http://mp.localhost/"
%{scheme: new_proxy_scheme, host: new_proxy_host, port: new_proxy_port} =
URI.parse(new_proxy_base)
clear_config([:media_proxy, :base_url], new_proxy_base)
proxy_url =
MediaProxy.encode_url("https://pleroma.social/logo.jpeg")
|> URI.parse()
|> Map.put(:host, "wronghost")
|> URI.to_string()
expected_url =
URI.parse(proxy_url)
|> Map.put(:host, new_proxy_host)
|> Map.put(:port, new_proxy_port)
|> Map.put(:scheme, new_proxy_scheme)
|> URI.to_string()
with_mock Pleroma.ReverseProxy,
call: fn _conn, _url, _opts -> %Conn{status: :success} end do
conn = get(conn, proxy_url)
assert redirected_to(conn, 302) == expected_url
end
end
test "redirects to valid url when filename is invalidated", %{conn: conn, url: url} do test "redirects to valid url when filename is invalidated", %{conn: conn, url: url} do
invalid_url = String.replace(url, "test.png", "test-file.png") invalid_url = String.replace(url, "test.png", "test-file.png")
response = get(conn, invalid_url) response = get(conn, invalid_url)

View File

@ -120,9 +120,6 @@ defp json_response_and_validate_schema(conn, _status) do
Mox.verify_on_exit!() Mox.verify_on_exit!()
{:ok, {:ok, conn: Phoenix.ConnTest.build_conn()}
conn:
Phoenix.ConnTest.build_conn()
|> Map.put(:host, Pleroma.Web.Endpoint.host())}
end end
end end