From 843fcca5b4d022e4c088d4a60839b4a286500148 Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Mon, 29 May 2023 13:59:51 -0400 Subject: Validate Host header matches expected value before allowing access to MediaProxy --- lib/pleroma/web/media_proxy/media_proxy_controller.ex | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/web/media_proxy/media_proxy_controller.ex b/lib/pleroma/web/media_proxy/media_proxy_controller.ex index bda5b36ed..767496b68 100644 --- a/lib/pleroma/web/media_proxy/media_proxy_controller.ex +++ b/lib/pleroma/web/media_proxy/media_proxy_controller.ex @@ -12,6 +12,7 @@ defmodule Pleroma.Web.MediaProxy.MediaProxyController do alias Pleroma.Web.MediaProxy alias Plug.Conn + plug(:validate_host) plug(:sandbox) def remote(conn, %{"sig" => sig64, "url" => url64}) do @@ -205,6 +206,17 @@ defmodule Pleroma.Web.MediaProxy.MediaProxyController do Config.get([:media_proxy, :proxy_opts], []) end + defp validate_host(conn, _params) do + proxy_host = MediaProxy.base_url() |> URI.parse() |> Map.get(:host) + + if match?(^proxy_host, conn.host) do + conn + else + send_resp(conn, 400, Conn.Status.reason_phrase(400)) + |> halt() + end + end + defp sandbox(conn, _params) do conn |> merge_resp_headers([{"content-security-policy", "sandbox;"}]) -- cgit v1.2.3 From a60dd0d92dae2471025827bc57d3cf3194003110 Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Mon, 29 May 2023 14:16:03 -0400 Subject: Validate Host header matches expected value before allowing access to Uploads --- lib/pleroma/web/plugs/uploaded_media.ex | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/web/plugs/uploaded_media.ex b/lib/pleroma/web/plugs/uploaded_media.ex index 8b3bc9acb..49db9808f 100644 --- a/lib/pleroma/web/plugs/uploaded_media.ex +++ b/lib/pleroma/web/plugs/uploaded_media.ex @@ -46,12 +46,21 @@ defmodule Pleroma.Web.Plugs.UploadedMedia do config = Pleroma.Config.get(Pleroma.Upload) - with uploader <- Keyword.fetch!(config, :uploader), + media_host = Pleroma.Upload.base_url() |> URI.parse() |> Map.get(:host) + + with {:valid_host, true} <- {:valid_host, match?(^media_host, conn.host)}, + uploader <- Keyword.fetch!(config, :uploader), proxy_remote = Keyword.get(config, :proxy_remote, false), {:ok, get_method} <- uploader.get_file(file), false <- media_is_banned(conn, get_method) do get_media(conn, get_method, proxy_remote, opts) else + {:valid_host, false} -> + conn + + send_resp(conn, 400, Plug.Conn.Status.reason_phrase(400)) + |> halt() + _ -> conn |> send_resp(:internal_server_error, dgettext("errors", "Failed")) -- cgit v1.2.3 From da7394f33b4402325b220dcd2957945464517f8b Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Mon, 29 May 2023 15:09:31 -0400 Subject: Fix unused assignment --- lib/pleroma/web/plugs/uploaded_media.ex | 2 -- 1 file changed, 2 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/plugs/uploaded_media.ex b/lib/pleroma/web/plugs/uploaded_media.ex index 49db9808f..f97c64cee 100644 --- a/lib/pleroma/web/plugs/uploaded_media.ex +++ b/lib/pleroma/web/plugs/uploaded_media.ex @@ -56,8 +56,6 @@ defmodule Pleroma.Web.Plugs.UploadedMedia do get_media(conn, get_method, proxy_remote, opts) else {:valid_host, false} -> - conn - send_resp(conn, 400, Plug.Conn.Status.reason_phrase(400)) |> halt() -- cgit v1.2.3 From b3c3bd99c390a4e5081d411011688e38285547b0 Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Tue, 30 May 2023 16:56:09 -0400 Subject: Switch from serving a 400 to a 302 --- lib/pleroma/web/media_proxy/media_proxy_controller.ex | 17 +++++++++++++++-- lib/pleroma/web/plugs/uploaded_media.ex | 17 +++++++++++++++-- 2 files changed, 30 insertions(+), 4 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/media_proxy/media_proxy_controller.ex b/lib/pleroma/web/media_proxy/media_proxy_controller.ex index 767496b68..20f3a3438 100644 --- a/lib/pleroma/web/media_proxy/media_proxy_controller.ex +++ b/lib/pleroma/web/media_proxy/media_proxy_controller.ex @@ -207,12 +207,25 @@ defmodule Pleroma.Web.MediaProxy.MediaProxyController do end defp validate_host(conn, _params) do - proxy_host = MediaProxy.base_url() |> URI.parse() |> Map.get(:host) + %{scheme: proxy_scheme, host: proxy_host, port: proxy_port} = + MediaProxy.base_url() |> URI.parse() if match?(^proxy_host, conn.host) do conn else - send_resp(conn, 400, Conn.Status.reason_phrase(400)) + redirect_url = + %URI{ + scheme: proxy_scheme, + host: proxy_host, + port: proxy_port, + path: conn.request_path, + query: conn.query_string + } + |> URI.to_string() + |> String.trim_trailing("?") + + conn + |> Phoenix.Controller.redirect(external: redirect_url) |> halt() end end diff --git a/lib/pleroma/web/plugs/uploaded_media.ex b/lib/pleroma/web/plugs/uploaded_media.ex index f97c64cee..9dd5eb239 100644 --- a/lib/pleroma/web/plugs/uploaded_media.ex +++ b/lib/pleroma/web/plugs/uploaded_media.ex @@ -46,7 +46,8 @@ defmodule Pleroma.Web.Plugs.UploadedMedia do config = Pleroma.Config.get(Pleroma.Upload) - media_host = Pleroma.Upload.base_url() |> URI.parse() |> Map.get(:host) + %{scheme: media_scheme, host: media_host, port: media_port} = + Pleroma.Upload.base_url() |> URI.parse() with {:valid_host, true} <- {:valid_host, match?(^media_host, conn.host)}, uploader <- Keyword.fetch!(config, :uploader), @@ -56,7 +57,19 @@ defmodule Pleroma.Web.Plugs.UploadedMedia do get_media(conn, get_method, proxy_remote, opts) else {:valid_host, false} -> - send_resp(conn, 400, Plug.Conn.Status.reason_phrase(400)) + redirect_url = + %URI{ + scheme: media_scheme, + host: media_host, + port: media_port, + path: conn.request_path, + query: conn.query_string + } + |> URI.to_string() + |> String.trim_trailing("?") + + conn + |> Phoenix.Controller.redirect(external: redirect_url) |> halt() _ -> -- cgit v1.2.3