Refuse to upload files if upload slot doesn't provide https.

7 months ago · a320fb624e
parent 08286968ae
commit a320fb624e
2 changed files with 6 additions and 1 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,6 +1,8 @@
 # Changelog

 ## Unreleased
+### Changed
+- Refuse to upload a file if upload slot doesn't provide https.

 ## [v0.7.0] 2023-11-11
 ### Added
--- a/httpupload.go
+++ b/httpupload.go
@ -14,6 +14,7 @@ import (
 	"path/filepath"
 	"regexp"
 	"strconv"
+	"strings"

 	"github.com/beevik/etree"            // BSD-2-clause
 	"github.com/gabriel-vasile/mimetype" // MIT License
@ -185,7 +186,9 @@ func httpUpload(client *xmpp.Client, iqc chan xmpp.IQ, jserver string, filePath
 	if iqHTTPUploadSlotXMLPutURL == nil {
 		log.Fatal("http-upload: no url attribute")
 	}
-
+	if !strings.HasPrefix(iqHTTPUploadSlotXMLPutURL.Value, "https://") {
+		log.Fatal("http-upload: upload slot does not provide https")
+	}
 	// Upload file
 	httpClient := &http.Client{}
 	req, err := http.NewRequest(http.MethodPut, iqHTTPUploadSlotXMLPutURL.Value,