jaculabilis/danbooru
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Danbooru::Http: fix bug when using proxy option.

Browse Source 
Fix external HTTP requests not working when the HTTP proxy was enabled. Caused by the `public_only`
option (which prevents SSRF attacks by validating that the URL doesn't resolve to a local IP) being
incompatible with the `proxy` option.
This commit is contained in:
evazion
2022-11-12 02:39:44 -06:00
parent 215df49050
commit a167091bf9
2 changed files with 11 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
app/logical/danbooru/http.rb
View File

@@ -55,7 +55,13 @@ module Danbooru
# The default HTTP client for requests to external websites. This includes API calls to external services, fetching source data, and downloading images.
def self.external
new.proxy.public_only.headers("User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0")
if Danbooru.config.http_proxy.present?
# XXX The `proxy` option is incompatible with the `public_only` option. When using a proxy, the proxy itself
# should be configured to block HTTP requests to IPs on the local network.
new.proxy.headers("User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0")
else
new.public_only.headers("User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0")
end
end
# The default HTTP client for API calls to internal services controlled by Danbooru.