commit: 75900f21f064307974ad3d229f957970e3839d0c
parent 1db29f734f7f12a49ab946ea467b07bf27bdce6d
Author: feld <feld@feld.me>
Date: Sun, 11 Jun 2023 11:10:51 +0000
Merge branch 'revert-mediaproxy-host-validation' into 'develop'
Revert MediaProxy Host header validation
See merge request pleroma/pleroma!3902
Diffstat:
5 files changed, 2 insertions(+), 59 deletions(-)
diff --git a/changelog.d/3896.add b/changelog.d/3896.add
@@ -1 +1 @@
-Validate Host header for MediaProxy and Uploads and return a 302 if the base_url has changed
+Validate Host header for Uploads and return a 302 if the base_url has changed
diff --git a/changelog.d/3902.skip b/changelog.d/3902.skip
diff --git a/lib/pleroma/web/media_proxy/media_proxy_controller.ex b/lib/pleroma/web/media_proxy/media_proxy_controller.ex
@@ -12,7 +12,6 @@ defmodule Pleroma.Web.MediaProxy.MediaProxyController do
alias Pleroma.Web.MediaProxy
alias Plug.Conn
- plug(:validate_host)
plug(:sandbox)
def remote(conn, %{"sig" => sig64, "url" => url64}) do
@@ -206,30 +205,6 @@ defmodule Pleroma.Web.MediaProxy.MediaProxyController do
Config.get([:media_proxy, :proxy_opts], [])
end
- defp validate_host(conn, _params) do
- %{scheme: proxy_scheme, host: proxy_host, port: proxy_port} =
- MediaProxy.base_url() |> URI.parse()
-
- if match?(^proxy_host, conn.host) do
- conn
- else
- redirect_url =
- %URI{
- scheme: proxy_scheme,
- host: proxy_host,
- port: proxy_port,
- path: conn.request_path,
- query: conn.query_string
- }
- |> URI.to_string()
- |> String.trim_trailing("?")
-
- conn
- |> Phoenix.Controller.redirect(external: redirect_url)
- |> halt()
- end
- end
-
defp sandbox(conn, _params) do
conn
|> merge_resp_headers([{"content-security-policy", "sandbox;"}])
diff --git a/test/pleroma/web/media_proxy/media_proxy_controller_test.exs b/test/pleroma/web/media_proxy/media_proxy_controller_test.exs
@@ -54,35 +54,6 @@ defmodule Pleroma.Web.MediaProxy.MediaProxyControllerTest do
} = get(conn, "/proxy/hhgfh/eeee/fff")
end
- test "it returns a 302 for invalid host", %{conn: conn} do
- new_proxy_base = "http://mp.localhost/"
-
- %{scheme: new_proxy_scheme, host: new_proxy_host, port: new_proxy_port} =
- URI.parse(new_proxy_base)
-
- clear_config([:media_proxy, :base_url], new_proxy_base)
-
- proxy_url =
- MediaProxy.encode_url("https://pleroma.social/logo.jpeg")
- |> URI.parse()
- |> Map.put(:host, "wronghost")
- |> URI.to_string()
-
- expected_url =
- URI.parse(proxy_url)
- |> Map.put(:host, new_proxy_host)
- |> Map.put(:port, new_proxy_port)
- |> Map.put(:scheme, new_proxy_scheme)
- |> URI.to_string()
-
- with_mock Pleroma.ReverseProxy,
- call: fn _conn, _url, _opts -> %Conn{status: :success} end do
- conn = get(conn, proxy_url)
-
- assert redirected_to(conn, 302) == expected_url
- end
- end
-
test "redirects to valid url when filename is invalidated", %{conn: conn, url: url} do
invalid_url = String.replace(url, "test.png", "test-file.png")
response = get(conn, invalid_url)
diff --git a/test/support/conn_case.ex b/test/support/conn_case.ex
@@ -120,9 +120,6 @@ defmodule Pleroma.Web.ConnCase do
Mox.verify_on_exit!()
- {:ok,
- conn:
- Phoenix.ConnTest.build_conn()
- |> Map.put(:host, Pleroma.Web.Endpoint.host())}
+ {:ok, conn: Phoenix.ConnTest.build_conn()}
end
end
