media_proxy: CSP, content-disposition
* Adds CSP headers to the media proxy endpoint * Sends `content-disposition: attachment; …` for non-image/video/audio content types The default list can be overwritten with `:media_proxy, :safe_content_types` in the configuration. * Also now appends the filename to the proxy URL (fixes some mobile apps, it was requested a while ago)
This commit is contained in:
parent
22d20c497b
commit
9b553a1087
|
@ -11,15 +11,47 @@ defmodule Pleroma.Web.MediaProxy.MediaProxyController do
|
||||||
error: "public, must-revalidate, max-age=160"
|
error: "public, must-revalidate, max-age=160"
|
||||||
}
|
}
|
||||||
|
|
||||||
def remote(conn, %{"sig" => sig, "url" => url}) do
|
# Content-types that will not be returned as content-disposition attachments
|
||||||
|
# Override with :media_proxy, :safe_content_types in the configuration
|
||||||
|
@safe_content_types [
|
||||||
|
"image/gif",
|
||||||
|
"image/jpeg",
|
||||||
|
"image/jpg",
|
||||||
|
"image/png",
|
||||||
|
"image/svg+xml",
|
||||||
|
"audio/mpeg",
|
||||||
|
"audio/mp3",
|
||||||
|
"video/webm",
|
||||||
|
"video/mp4"
|
||||||
|
]
|
||||||
|
|
||||||
|
def remote(conn, params = %{"sig" => sig, "url" => url}) do
|
||||||
config = Application.get_env(:pleroma, :media_proxy, [])
|
config = Application.get_env(:pleroma, :media_proxy, [])
|
||||||
|
|
||||||
with true <- Keyword.get(config, :enabled, false),
|
with true <- Keyword.get(config, :enabled, false),
|
||||||
{:ok, url} <- Pleroma.Web.MediaProxy.decode_url(sig, url),
|
{:ok, url} <- Pleroma.Web.MediaProxy.decode_url(sig, url),
|
||||||
{:ok, content_type, body} <- proxy_request(url) do
|
filename <- Path.basename(url),
|
||||||
|
true <-
|
||||||
|
if(Map.get(params, "filename"),
|
||||||
|
do: filename == Path.basename(conn.request_path),
|
||||||
|
else: true
|
||||||
|
),
|
||||||
|
{:ok, content_type, body} <- proxy_request(url),
|
||||||
|
safe_content_type <-
|
||||||
|
Enum.member?(
|
||||||
|
Keyword.get(config, :safe_content_types, @safe_content_types),
|
||||||
|
content_type
|
||||||
|
) do
|
||||||
conn
|
conn
|
||||||
|> put_resp_content_type(content_type)
|
|> put_resp_content_type(content_type)
|
||||||
|> set_cache_header(:default)
|
|> set_cache_header(:default)
|
||||||
|
|> put_resp_header(
|
||||||
|
"content-security-policy",
|
||||||
|
"default-src 'none'; style-src 'unsafe-inline'; media-src data:; img-src 'self' data:"
|
||||||
|
)
|
||||||
|
|> put_resp_header("x-xss-protection", "1; mode=block")
|
||||||
|
|> put_resp_header("x-content-type-options", "nosniff")
|
||||||
|
|> put_attachement_header(safe_content_type, filename)
|
||||||
|> send_resp(200, body)
|
|> send_resp(200, body)
|
||||||
else
|
else
|
||||||
false ->
|
false ->
|
||||||
|
@ -92,6 +124,12 @@ defp proxy_request_body(client, _) do
|
||||||
# TODO: the body is passed here as well because some hosts do not provide a content-type.
|
# TODO: the body is passed here as well because some hosts do not provide a content-type.
|
||||||
# At some point we may want to use magic numbers to discover the content-type and reply a proper one.
|
# At some point we may want to use magic numbers to discover the content-type and reply a proper one.
|
||||||
defp proxy_request_content_type(headers, _body) do
|
defp proxy_request_content_type(headers, _body) do
|
||||||
headers["Content-Type"] || headers["content-type"] || "image/jpeg"
|
headers["Content-Type"] || headers["content-type"] || "application/octet-stream"
|
||||||
|
end
|
||||||
|
|
||||||
|
defp put_attachement_header(conn, true, _), do: conn
|
||||||
|
|
||||||
|
defp put_attachement_header(conn, false, filename) do
|
||||||
|
put_resp_header(conn, "content-disposition", "attachment; filename='#{filename}'")
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -15,7 +15,10 @@ def url(url) do
|
||||||
base64 = Base.url_encode64(url, @base64_opts)
|
base64 = Base.url_encode64(url, @base64_opts)
|
||||||
sig = :crypto.hmac(:sha, secret, base64)
|
sig = :crypto.hmac(:sha, secret, base64)
|
||||||
sig64 = sig |> Base.url_encode64(@base64_opts)
|
sig64 = sig |> Base.url_encode64(@base64_opts)
|
||||||
Keyword.get(config, :base_url, Pleroma.Web.base_url()) <> "/proxy/#{sig64}/#{base64}"
|
filename = Path.basename(url)
|
||||||
|
|
||||||
|
Keyword.get(config, :base_url, Pleroma.Web.base_url()) <>
|
||||||
|
"/proxy/#{sig64}/#{base64}/#{filename}"
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -378,12 +378,12 @@ defmodule Pleroma.Web.Router do
|
||||||
end
|
end
|
||||||
|
|
||||||
pipeline :remote_media do
|
pipeline :remote_media do
|
||||||
plug(:accepts, ["html"])
|
|
||||||
end
|
end
|
||||||
|
|
||||||
scope "/proxy/", Pleroma.Web.MediaProxy do
|
scope "/proxy/", Pleroma.Web.MediaProxy do
|
||||||
pipe_through(:remote_media)
|
pipe_through(:remote_media)
|
||||||
get("/:sig/:url", MediaProxyController, :remote)
|
get("/:sig/:url", MediaProxyController, :remote)
|
||||||
|
get("/:sig/:url/:filename", MediaProxyController, :remote)
|
||||||
end
|
end
|
||||||
|
|
||||||
scope "/", Fallback do
|
scope "/", Fallback do
|
||||||
|
|
Loading…
Reference in New Issue