store_url: only accept identity content encoding
Some servers (like IPFS gateways) will use chunked transfer encoding on anything but identity content encoding. Also, probably fix a potential zip bomb vulnerability.
This commit is contained in:
parent
04b46bd01a
commit
b2d830e2aa
1 changed files with 2 additions and 1 deletions
3
fhost.py
3
fhost.py
|
@ -234,7 +234,8 @@ def store_url(url, addr):
|
||||||
if is_fhost_url(url):
|
if is_fhost_url(url):
|
||||||
return segfault(508)
|
return segfault(508)
|
||||||
|
|
||||||
r = requests.get(url, stream=True, verify=False)
|
h = { "Accept-Encoding" : "identity" }
|
||||||
|
r = requests.get(url, stream=True, verify=False, headers=h)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
r.raise_for_status()
|
r.raise_for_status()
|
||||||
|
|
Loading…
Reference in a new issue