From 843fcca5b4d022e4c088d4a60839b4a286500148 Mon Sep 17 00:00:00 2001
From: Mark Felder <feld@feld.me>
Date: Mon, 29 May 2023 13:59:51 -0400
Subject: Validate Host header matches expected value before allowing access to
 MediaProxy

---
 lib/pleroma/web/media_proxy/media_proxy_controller.ex | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'lib')

diff --git a/lib/pleroma/web/media_proxy/media_proxy_controller.ex b/lib/pleroma/web/media_proxy/media_proxy_controller.ex
index bda5b36ed..767496b68 100644
--- a/lib/pleroma/web/media_proxy/media_proxy_controller.ex
+++ b/lib/pleroma/web/media_proxy/media_proxy_controller.ex
@@ -12,6 +12,7 @@ defmodule Pleroma.Web.MediaProxy.MediaProxyController do
   alias Pleroma.Web.MediaProxy
   alias Plug.Conn
 
+  plug(:validate_host)
   plug(:sandbox)
 
   def remote(conn, %{"sig" => sig64, "url" => url64}) do
@@ -205,6 +206,17 @@ defmodule Pleroma.Web.MediaProxy.MediaProxyController do
     Config.get([:media_proxy, :proxy_opts], [])
   end
 
+  defp validate_host(conn, _params) do
+    proxy_host = MediaProxy.base_url() |> URI.parse() |> Map.get(:host)
+
+    if match?(^proxy_host, conn.host) do
+      conn
+    else
+      send_resp(conn, 400, Conn.Status.reason_phrase(400))
+      |> halt()
+    end
+  end
+
   defp sandbox(conn, _params) do
     conn
     |> merge_resp_headers([{"content-security-policy", "sandbox;"}])
-- 
cgit v1.2.3