mirror of
https://github.com/toeverything/AFFiNE.git
synced 2024-09-20 07:57:29 +03:00
fix: enhancing the security of image proxy (#3176)
parent
b509302711
commit
30dee18835
1
.github/workflows/workers.yml
vendored
1
.github/workflows/workers.yml
vendored
@ -18,4 +18,5 @@ jobs:
|
||||
uses: cloudflare/wrangler-action@2.0.0
|
||||
with:
|
||||
apiToken: ${{ secrets.CF_API_TOKEN }}
|
||||
accountId: ${{ secrets.CF_ACCOUNT_ID }}
|
||||
workingDirectory: 'packages/workers'
|
||||
|
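Review bot: The step that receives `secrets.CF_API_TOKEN` and `secrets.CF_ACCOUNT_ID` references `cloudflare/wrangler-action@2.0.0` by tag, and a tag can be moved to different code after review. Pinning to a full commit SHA keeps the code that sees the token fixed, for example `uses: cloudflare/wrangler-action@<full-commit-sha> # 2.0.0`. The rendered page does not mark which of these lines the commit adds, so the tag reference may predate this change. The step's opening lines are outside the hunk.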
@ -39,7 +39,12 @@ async function proxyImage(request: Request): Promise<Response> {
|
||||
|
||||
const response = await fetch(imageRequest);
|
||||
const modifiedResponse = new Response(response.body);
|
||||
modifiedResponse.headers.set('Access-Control-Allow-Origin', '*');
|
||||
|
||||
modifiedResponse.headers.set(
|
||||
'Access-Control-Allow-Origin',
|
||||
request.headers.get('Origin') ?? 'null'
|
||||
);
|
||||
modifiedResponse.headers.set('Vary', 'Origin');
|
||||
modifiedResponse.headers.set('Access-Control-Allow-Methods', 'GET');
|
||||
|
||||
return modifiedResponse;
|
||||
@ -47,7 +52,7 @@ async function proxyImage(request: Request): Promise<Response> {
|
||||
|
||||
const handler = {
|
||||
async fetch(request: Request) {
|
||||
if (!isOriginAllowed(request.headers.get('Origin') || '', ALLOW_ORIGIN)) {
|
||||
if (!isOriginAllowed(request.headers.get('Origin') ?? '', ALLOW_ORIGIN)) {
|
||||
return new Response('unauthorized', { status: 401 });
|
||||
}
|
||||
|
||||
|
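Review bot: The `?? 'null'` fallback in the new `Access-Control-Allow-Origin` call in `proxyImage` sends the literal value `null` when the request has no `Origin` header. That is not a safe deny value, because `null` is also the serialized origin of sandboxed iframes and `data:` documents, so those contexts would match it. Omitting the header when `Origin` is absent is stricter: `const origin = request.headers.get('Origin');` followed by `if (origin) modifiedResponse.headers.set('Access-Control-Allow-Origin', origin);`. Reflecting the caller's origin is only as strict as the `isOriginAllowed` check in `handler.fetch`, so a comment in `proxyImage` should state that it must only be called after that check. Whether an empty or `null` origin passes `isOriginAllowed` cannot be told from here, since that function, the start of `proxyImage` and the rest of `handler.fetch` are outside the hunks.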