sanitize proxied remote content response
re-construct the Response object to make sure no strange headers slip into our own response.
This commit is contained in:
parent
d8edb51d6a
commit
b2d6678405
2 changed files with 18 additions and 1 deletions
|
@ -23,6 +23,7 @@ wasm-bindgen-futures = "0.4"
|
|||
web-sys = { version = "0.3", features = [
|
||||
"Crypto",
|
||||
"Headers",
|
||||
"ReadableStream",
|
||||
"Request",
|
||||
"RequestInit",
|
||||
"RequestRedirect",
|
||||
|
|
18
src/lib.rs
18
src/lib.rs
|
@ -54,6 +54,12 @@ extern "C" {
|
|||
fn fetch(req: &Request) -> Promise;
|
||||
}
|
||||
|
||||
macro_rules! get_header {
|
||||
($headers:expr, $name:expr) => {
|
||||
$headers.get($name).internal_err()?.ok_or(Error::InternalError())?
|
||||
};
|
||||
}
|
||||
|
||||
// A caching proxy for images inserted into articles
|
||||
// to protect user's privacy and accelerate page load
|
||||
async fn proxy_remote_image(req: Request, url: Url) -> MyResult<Response> {
|
||||
|
@ -74,7 +80,17 @@ async fn proxy_remote_image(req: Request, url: Url) -> MyResult<Response> {
|
|||
RequestInit::new()
|
||||
.method("GET")
|
||||
.redirect(RequestRedirect::Follow)).internal_err()?;
|
||||
Ok(JsFuture::from(fetch(&new_req)).await.internal_err()?.into())
|
||||
let remote_resp: Response = JsFuture::from(fetch(&new_req)).await.internal_err()?.into();
|
||||
let remote_headers = remote_resp.headers();
|
||||
|
||||
Response::new_with_opt_readable_stream_and_init(
|
||||
remote_resp.body().as_ref(),
|
||||
ResponseInit::new()
|
||||
.status(remote_resp.status())
|
||||
.headers(headers!{
|
||||
"Content-Type" => &get_header!(remote_headers, "content-type")
|
||||
}.as_ref())
|
||||
).internal_err()
|
||||
}
|
||||
|
||||
async fn default_route(_req: Request, url: Url) -> MyResult<Response> {
|
||||
|
|
Loading…
Add table
Reference in a new issue