Refuse to upload files if upload slot doesn't provide https.

http-upload-enforce-https
Martin Dosch 7 months ago
parent 08286968ae
commit a320fb624e
No known key found for this signature in database
GPG Key ID: 52A57CFCE13D657D

@ -1,6 +1,8 @@
# Changelog
## Unreleased
### Changed
- Refuse to upload a file if upload slot doesn't provide https.
## [v0.7.0] 2023-11-11
### Added

@ -14,6 +14,7 @@ import (
"path/filepath"
"regexp"
"strconv"
"strings"
"github.com/beevik/etree" // BSD-2-clause
"github.com/gabriel-vasile/mimetype" // MIT License
@ -185,7 +186,9 @@ func httpUpload(client *xmpp.Client, iqc chan xmpp.IQ, jserver string, filePath
if iqHTTPUploadSlotXMLPutURL == nil {
log.Fatal("http-upload: no url attribute")
}
if !strings.HasPrefix(iqHTTPUploadSlotXMLPutURL.Value, "https://") {
log.Fatal("http-upload: upload slot does not provide https")
}
// Upload file
httpClient := &http.Client{}
req, err := http.NewRequest(http.MethodPut, iqHTTPUploadSlotXMLPutURL.Value,

Loading…
Cancel
Save