mirror of
https://git.0x0.st/mia/0x0.git
synced 2024-11-25 01:47:11 +01:00
store_url: only accept identity content encoding
Some servers (like IPFS gateways) will use chunked transfer encoding on anything but identity content encoding. Also, probably fix a potential zip bomb vulnerability.
This commit is contained in:
parent
04b46bd01a
commit
b2d830e2aa
1 changed files with 2 additions and 1 deletions
3
fhost.py
3
fhost.py
|
@ -234,7 +234,8 @@ def store_url(url, addr):
|
|||
if is_fhost_url(url):
|
||||
return segfault(508)
|
||||
|
||||
r = requests.get(url, stream=True, verify=False)
|
||||
h = { "Accept-Encoding" : "identity" }
|
||||
r = requests.get(url, stream=True, verify=False, headers=h)
|
||||
|
||||
try:
|
||||
r.raise_for_status()
|
||||
|
|
Loading…
Reference in a new issue