From 158dd49b3d9a4162520da824a01f8993548375ca Mon Sep 17 00:00:00 2001 From: syuilo Date: Sat, 1 Jan 2022 22:28:02 +0900 Subject: [PATCH] fix https://github.com/misskey-dev/misskey/commit/d53795184cd0ee326b0da58b267e3460f948703c#r62707827 --- packages/backend/src/server/proxy/proxy-media.ts | 1 + 1 file changed, 1 insertion(+) diff --git a/packages/backend/src/server/proxy/proxy-media.ts b/packages/backend/src/server/proxy/proxy-media.ts index b116b4b961..aba08bb805 100644 --- a/packages/backend/src/server/proxy/proxy-media.ts +++ b/packages/backend/src/server/proxy/proxy-media.ts @@ -19,6 +19,7 @@ export async function proxyMedia(ctx: Koa.Context) { const { mime, ext } = await detectType(path); + if (!mime.startsWith('image/')) throw 403; if (!FILE_TYPE_BROWSERSAFE.includes(mime)) throw 403; let image: IImage;