KevinMidboe/zoff
1
0
Fork 0
mirror of https://github.com/KevinMidboe/zoff.git synced 2025-10-29 18:00:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

Imageblob only from allowed origin

Browse Source
This commit is contained in:
Kasper Rynning-Tønnesen
2018-04-03 16:19:11 +02:00
parent 355926ddff
commit 02667f4348
2 changed files with 10 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
server/public/assets/js/frontpage.js
View File

@@ -221,6 +221,9 @@ var Frontpage = {
$("#mega-background").css("opacity", 1); $("#mega-background").css("opacity", 1);
$(".autocomplete").attr("placeholder", list[i]._id); $(".autocomplete").attr("placeholder", list[i]._id);
},500); },500);
},
error: function() {
$(".autocomplete").attr("placeholder", list[i]._id);
} }
}); });
}; };

8
server/routing/client/api.js
View File

@@ -1095,10 +1095,16 @@ function incrementToken(token) {
router.route('/api/imageblob').post(function(req, res) { router.route('/api/imageblob').post(function(req, res) {
var Jimp = require("jimp"); var Jimp = require("jimp");
var origin = req.get("origin").replace("https://", "").replace("http://", "");
var allowed = ["client.localhost", "localhost", "zoff.me", "client.zoff.me", "zoff.no", "client.zoff.no"];
if(allowed.indexOf(origin) < 0) {
res.sendStatus(403);
return;
}
Jimp.read('https://img.youtube.com/vi/' + req.body.id + '/mqdefault.jpg', function (err, image) { Jimp.read('https://img.youtube.com/vi/' + req.body.id + '/mqdefault.jpg', function (err, image) {
if (err) { if (err) {
console.log(err); console.log(err);
res.send(404); res.sendStatus(404);
return; return;
} }
image.blur(50) image.blur(50)