store_url: only accept identity content encoding
Some servers (like IPFS gateways) will use chunked transfer encoding on anything but identity content encoding. Also, probably fix a potential zip bomb vulnerability.
This commit is contained in:
Martin Herkt
parent
04b46bd01a
commit
b2d830e2aa
3
fhost.py
3
fhost.py
@ -234,7 +234,8 @@ def store_url(url, addr):
|
|||||||
if is_fhost_url(url):
|
if is_fhost_url(url):
|
||||||
return segfault(508)
|
return segfault(508)
|
||||||
|
|
||||||
r = requests.get(url, stream=True, verify=False)
|
h = { "Accept-Encoding" : "identity" }
|
||||||
|
r = requests.get(url, stream=True, verify=False, headers=h)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
r.raise_for_status()
|
r.raise_for_status()
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user