mirror of https://github.com/bitwarden/server.git synced 2024-12-28 17:57:37 +01:00

allowed media types for icon images

Kyle Spearrin 2018-03-03 14:12:57 -05:00
parent cf2183471c
commit 8d681738c8


@ -1,4 +1,5 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Http;
@ -18,6 +19,11 @@ namespace Bit.Icons.Controllers
AllowAutoRedirect = false,
AutomaticDecompression = DecompressionMethods.GZip | DecompressionMethods.Deflate
});
private static readonly HashSet<string> _allowedMediaTypes = new HashSet<string>{
"image/png",
"image/x-icon",
"image/jpeg"
};
private readonly IMemoryCache _memoryCache;
private readonly IDomainMappingService _domainMappingService;
private readonly IconsSettings _iconsSettings;
@ -54,7 +60,8 @@ namespace Bit.Icons.Controllers
$"&fallback_icon_url=https://raw.githubusercontent.com/bitwarden/web/master/src/images/fa-globe.png";
var response = await _httpClient.GetAsync(iconUrl);
response = await FollowRedirectsAsync(response, 1);
if(!response.IsSuccessStatusCode)
if(!response.IsSuccessStatusCode ||
!_allowedMediaTypes.Contains(response.Content.Headers.ContentType.MediaType))
{
return new NotFoundResult();
}
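Review bot: `response.Content.Headers.ContentType` is null when the upstream reply carries no Content-Type header, so the new condition in the last hunk throws a NullReferenceException instead of returning the 404; read it as `response.Content.Headers.ContentType?.MediaType` so a missing header falls through to `NotFoundResult`. `_allowedMediaTypes` is built with the default case-sensitive comparer although media type names are case-insensitive, so `new HashSet<string>(StringComparer.OrdinalIgnoreCase)` would stop a reply declaring `Image/PNG` from being rejected. The check also trusts the type the remote server declares rather than the bytes it sends; if the body is later returned to clients (not visible here), it would be worth serving it under the validated type with `X-Content-Type-Options: nosniff`. The enclosing method starts and ends outside this hunk.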