fix(server): validate url from ap to improve security

This commit is contained in:
syuilo 2023-02-08 17:50:23 +09:00
parent 650187deaf
commit 0da0cc80b9

View file

@ -48,6 +48,10 @@ export class ApImageService {
throw new Error('invalid image: url not privided'); throw new Error('invalid image: url not privided');
} }
if (!image.url.startsWith('https://')) {
throw new Error('invalid image: unexpected shcema of url: ' + image.url);
}
this.logger.info(`Creating the Image: ${image.url}`); this.logger.info(`Creating the Image: ${image.url}`);
const instance = await this.metaService.fetch(); const instance = await this.metaService.fetch();