From a320fb624e927a688faa5ddf037d5729f0758382 Mon Sep 17 00:00:00 2001
From: Martin Dosch <martin@mdosch.de>
Date: Fri, 1 Dec 2023 13:55:41 +0100
Subject: [PATCH] Refuse to upload files if upload slot doesn't provide https.

---
 CHANGELOG.md  | 2 ++
 httpupload.go | 5 ++++-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 66a0a96..f260e62 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,8 @@
 # Changelog
 
 ## Unreleased
+### Changed
+- Refuse to upload a file if upload slot doesn't provide https.
 
 ## [v0.7.0] 2023-11-11
 ### Added
diff --git a/httpupload.go b/httpupload.go
index c36581f..269a01e 100644
--- a/httpupload.go
+++ b/httpupload.go
@@ -14,6 +14,7 @@ import (
 	"path/filepath"
 	"regexp"
 	"strconv"
+	"strings"
 
 	"github.com/beevik/etree"            // BSD-2-clause
 	"github.com/gabriel-vasile/mimetype" // MIT License
@@ -185,7 +186,9 @@ func httpUpload(client *xmpp.Client, iqc chan xmpp.IQ, jserver string, filePath
 	if iqHTTPUploadSlotXMLPutURL == nil {
 		log.Fatal("http-upload: no url attribute")
 	}
-
+	if !strings.HasPrefix(iqHTTPUploadSlotXMLPutURL.Value, "https://") {
+		log.Fatal("http-upload: upload slot does not provide https")
+	}
 	// Upload file
 	httpClient := &http.Client{}
 	req, err := http.NewRequest(http.MethodPut, iqHTTPUploadSlotXMLPutURL.Value,