authorRblSb <msrblsb@gmail.com>2020-05-20 14:29:37 +0300
committerRblSb <msrblsb@gmail.com>2020-05-20 14:29:37 +0300
commit5abb726dc80decc2e3a73164905f1b8cccf9c47d (patch)
tree14c47574550981d54edeb1226a1a8f4e1fa15d5d /src/server/HttpServer.hx
parenta525aeb86aaa02bccf960c18ee0b6751409e7d70 (diff)
Make internal proxy more safe
Diffstat (limited to 'src/server/HttpServer.hx')
-rw-r--r--src/server/HttpServer.hx5
1 files changed, 4 insertions, 1 deletions
diff --git a/src/server/HttpServer.hx b/src/server/HttpServer.hx
index aeabe2c..c6abe30 100644
--- a/src/server/HttpServer.hx
+++ b/src/server/HttpServer.hx
@@ -138,7 +138,9 @@ class HttpServer {
static function proxyUrl(req:IncomingMessage, res:ServerResponse):Bool {
final url = req.url.replace("/proxy?url=", "");
- final url = new URL(js.Node.global.decodeURI(url));
+ final url = try {
+ new URL(js.Node.global.decodeURI(url));
+ } catch(e) return false;
if (url.host == req.headers["host"]) return false;
final options = {
host: url.host,
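Review bot: The guard `if (url.host == req.headers["host"]) return false;` is the only destination check in this hunk, and it compares against a `Host` header that the client supplies. A URL that names this machine or another internal service by a different name or address is therefore still fetched on the server's behalf. Any scheme other than `https:` also appears to fall through to `Http.request` in the next hunk, so I would add `if (url.protocol != "http:" && url.protocol != "https:") return false;` right after the parse. I would also refuse loopback, private and link-local destinations, or use an allowlist of media hosts, checking the resolved address rather than the hostname string. The body of `proxyUrl` continues past the end of this hunk, so a check further down may already cover part of this.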
@@ -149,6 +151,7 @@ class HttpServer {
};
final request = url.protocol == "https:" ? Https.request : Http.request;
final proxy = request(options, proxyRes -> {
+ proxyRes.headers["Content-Type"] = "application/octet-stream";
res.writeHead(proxyRes.statusCode, proxyRes.headers);
proxyRes.pipe(res, {end: true});
});
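Review bot: The added line writes the key `"Content-Type"`, but Node stores incoming header names lower-cased, so the upstream `content-type` entry most likely stays in `proxyRes.headers` next to the new one. `res.writeHead` may then send both values and leave the choice to the browser. Assigning the lower-case key overwrites the upstream value instead: `proxyRes.headers["content-type"] = "application/octet-stream";`. Adding `proxyRes.headers["x-content-type-options"] = "nosniff";` keeps browsers from sniffing the body back into HTML. The remaining upstream headers, `set-cookie` included, are still forwarded unchanged under this server's origin, so copying only a short allowlist (for example `content-length`, `accept-ranges`, `content-range`) would be safer. The enclosing function ends outside this hunk.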