summary refs log tree commit diff
path: root/cdn
diff options
context:
space:
mode:
authorFlam3rboy <34555296+Flam3rboy@users.noreply.github.com>2021-09-25 23:54:30 +0200
committerFlam3rboy <34555296+Flam3rboy@users.noreply.github.com>2021-09-25 23:54:30 +0200
commit46b7f44bf0162deebdce7f49e04c2a8fe176631a (patch)
tree52cb415cf6a17c3c74e75c63acab331bc3378c8d /cdn
parent:sparkles: key value config (diff)
downloadserver-46b7f44bf0162deebdce7f49e04c2a8fe176631a.tar.xz
:lock: XSS content type: html
Diffstat (limited to 'cdn')
-rw-r--r--cdn/src/routes/attachments.ts17
1 files changed, 15 insertions, 2 deletions
diff --git a/cdn/src/routes/attachments.ts b/cdn/src/routes/attachments.ts
index 7c55998b..49ceb1b6 100644
--- a/cdn/src/routes/attachments.ts
+++ b/cdn/src/routes/attachments.ts
@@ -8,6 +8,13 @@ import imageSize from "image-size";
 
 const router = Router();
 
+const SANITIZED_CONTENT_TYPE = [
+	"text/html",
+	"text/mhtml",
+	"multipart/related",
+	"application/xhtml+xml",
+];
+
 router.post(
 	"/:channel_id",
 	multer.single("file"),
@@ -24,7 +31,8 @@ router.post(
 		const id = Snowflake.generate();
 		const path = `attachments/${channel_id}/${id}/${filename}`;
 
-		const endpoint = Config.get()?.cdn.endpoint || "http://localhost:3003";
+		const endpoint =
+			Config.get()?.cdn.endpointPublic || "http://localhost:3003";
 
 		await storage.set(path, buffer);
 		var width;
@@ -61,8 +69,13 @@ router.get(
 		);
 		if (!file) throw new HTTPError("File not found");
 		const type = await FileType.fromBuffer(file);
+		let content_type = type?.mime || "application/octet-stream";
+
+		if (SANITIZED_CONTENT_TYPE.includes(content_type)) {
+			content_type = "application/octet-stream";
+		}
 
-		res.set("Content-Type", type?.mime);
+		res.set("Content-Type", content_type);
 		res.set("Cache-Control", "public, max-age=31536000");
 
 		return res.send(file);