Jayden/AFFiNE-Mirror
1
0
Fork 0
mirror of https://github.com/toeverything/AFFiNE.git synced 2026-02-13 04:48:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: enhancing the security of image proxy (#3176)

Browse Source 
(cherry picked from commit 30dee18835)
This commit is contained in:
xiaodong zuo
2023-07-12 16:35:46 +08:00
committed by Alex Yang
parent ac55ae467c
commit bb7ed6869e
2 changed files with 8 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
packages/workers/src/index.ts
View File

@@ -39,7 +39,12 @@ async function proxyImage(request: Request): Promise<Response> {
const response = await fetch(imageRequest);
const modifiedResponse = new Response(response.body);
modifiedResponse.headers.set('Access-Control-Allow-Origin', '*');
modifiedResponse.headers.set(
'Access-Control-Allow-Origin',
request.headers.get('Origin') ?? 'null'
);
modifiedResponse.headers.set('Vary', 'Origin');
modifiedResponse.headers.set('Access-Control-Allow-Methods', 'GET');
return modifiedResponse;
@@ -47,7 +52,7 @@ async function proxyImage(request: Request): Promise<Response> {
const handler = {
async fetch(request: Request) {
if (!isOriginAllowed(request.headers.get('Origin') || '', ALLOW_ORIGIN)) {
if (!isOriginAllowed(request.headers.get('Origin') ?? '', ALLOW_ORIGIN)) {
return new Response('unauthorized', { status: 401 });
}