From da484a48e3cfb44a29cc36a4714c489153168f24 Mon Sep 17 00:00:00 2001
From: Michael
Date: Sun, 4 Jul 2021 10:55:32 +0000
Subject: [PATCH 1/2] Proxy: Avoid access for not logged in users

---
 src/Module/Proxy.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/Module/Proxy.php b/src/Module/Proxy.php
index f929d4f736..57ff592564 100644
--- a/src/Module/Proxy.php
+++ b/src/Module/Proxy.php
@@ -45,8 +45,12 @@ class Proxy extends BaseModule
 * Sets application instance and checks if /proxy/ path is writable.
 *
 */
- public static function init(array $parameters = [])
+ public static function rawContent(array $parameters = [])
 {
+ if (!local_user()) {
+ throw new \Friendica\Network\HTTPException\ForbiddenException(DI::l10n()->t('Access denied.'));
+ }
+
 // Set application instance here
 $a = DI::app();

From 24f013a65453fdb8de82c6383d6244a081d46132 Mon Sep 17 00:00:00 2001
From: Michael
Date: Sun, 4 Jul 2021 11:53:49 +0000
Subject: [PATCH 2/2] Redirecting not logged in user instead of failing

---
 src/Module/Proxy.php | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/Module/Proxy.php b/src/Module/Proxy.php
index 57ff592564..317ec530a5 100644
--- a/src/Module/Proxy.php
+++ b/src/Module/Proxy.php
@@ -23,6 +23,7 @@ namespace Friendica\Module;

 use Friendica\BaseModule;
 use Friendica\Core\Logger;
+use Friendica\Core\System;
 use Friendica\DI;
 use Friendica\Model\Photo;
 use Friendica\Object\Image;
@@ -47,10 +48,6 @@ class Proxy extends BaseModule
 */
 public static function rawContent(array $parameters = [])
 {
- if (!local_user()) {
- throw new \Friendica\Network\HTTPException\ForbiddenException(DI::l10n()->t('Access denied.'));
- }
-
 // Set application instance here
 $a = DI::app();

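Review bot: The docblock kept as context above the renamed method in [PATCH 1/2] still reads "Sets application instance and checks if /proxy/ path is writable", which described `init()` and says nothing about the access check now placed at the top of `rawContent()`. A maintainer reading the comment would not learn that requests without a local session are rejected before any request parsing happens. I would change the summary line to something like `* Serves the proxied resource as raw output; requests without a local session are rejected.` and add `* @throws \Friendica\Network\HTTPException\ForbiddenException`. The method body continues outside the hunk, so the wording should be checked against the rest of it.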
@@ -93,6 +90,11 @@ class Proxy extends BaseModule
 throw new \Friendica\Network\HTTPException\BadRequestException();
 }

+ if (!local_user()) {
+ Logger::info('Redirecting not logged in user to original address', ['url' => $request['url']]);
+ System::externalRedirect($request['url']);
+ }
+
 // Webserver already tried direct cache...

 // Try to use filecache;
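Review bot: The anonymous branch added here passes `$request['url']` straight to `System::externalRedirect()`, and nothing visible in the hunk restricts where that URL may point. If `$request['url']` is taken from the incoming request (its origin is outside the hunk), the proxy endpoint becomes an open redirector: a link on this instance's domain would forward unauthenticated visitors to any address. I would at least restrict the scheme before redirecting, e.g. `if (!in_array(parse_url($request['url'], PHP_URL_SCHEME), ['http', 'https'], true)) { throw new \Friendica\Network\HTTPException\BadRequestException(); }`, and ideally redirect only for URLs the instance itself generated, for example by verifying a signature carried in the proxy URL. The same URL is written in full to the info log, so any token in its query string would end up in the logs. `rawContent()` begins and ends outside this hunk, so checks performed earlier on `$request` are not visible here.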