Imageblob only from allowed origin

Kasper Rynning-Tønnesen
2018-04-03 16:19:11 +02:00
parent 355926ddff
commit 02667f4348
2 changed files with 10 additions and 1 deletions


@@ -1095,10 +1095,16 @@ function incrementToken(token) {
router.route('/api/imageblob').post(function(req, res) {
var Jimp = require("jimp");
var origin = req.get("origin").replace("https://", "").replace("http://", "");
var allowed = ["client.localhost", "localhost", "zoff.me", "client.zoff.me", "zoff.no", "client.zoff.no"];
if(allowed.indexOf(origin) < 0) {
res.sendStatus(403);
return;
}
Jimp.read('https://img.youtube.com/vi/' + req.body.id + '/mqdefault.jpg', function (err, image) {
if (err) {
console.log(err);
res.send(404);
res.sendStatus(404);
return;
}
image.blur(50)