From 00e4ac20bb65e9bd06c51c035294488f7523598a Mon Sep 17 00:00:00 2001
From: Amos Ng
Date: Mon, 29 Jun 2020 06:08:00 +0800
Subject: [PATCH] Added rudimentary support of Referer checking to mitigate hotlinking
---
 CHANGELOG.md | 1 +
 src/main/kotlin/mdnet/base/server/ImageServer.kt | 6 +++++-
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 39db16c..2d8c1ac 100755
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Added
 - [2020-06-23] Added Gitlab CI integration by [@lflare].
 - [2020-06-28] Added `client_external_port setting` [@wedge1001].
+- [2020-06-29] Added rudimentary support of Referer checking to mitigate hotlinking by [@lflare].
 ### Changed
diff --git a/src/main/kotlin/mdnet/base/server/ImageServer.kt b/src/main/kotlin/mdnet/base/server/ImageServer.kt
index f1bb94e..13e1c88 100644
--- a/src/main/kotlin/mdnet/base/server/ImageServer.kt
+++ b/src/main/kotlin/mdnet/base/server/ImageServer.kt
@@ -101,8 +101,12 @@ class ImageServer(private val cache: DiskLruCache, private val statistics: Atomi
 }
 }
+ val referer = request.header("Referer")
+
 handled.set(true)
- if (snapshot != null && imageDatum != null) {
+ if (referer != null && !referer.contains("mangadex.org")) {
+ Response(Status.FORBIDDEN)
+ } else if (snapshot != null && imageDatum != null) {
 request.handleCacheHit(sanitizedUri, getRc4(rc4Bytes), snapshot, imageDatum)
 .header("X-Uri", sanitizedUri)
 } else {
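Review bot: The new check `!referer.contains("mangadex.org")` is a substring match on the whole header value, so a Referer whose host or path merely contains that text (a constructed example: `https://mangadex.org.example.net/`) is accepted. Compare the parsed host instead, e.g. `val host = runCatching { URI(referer).host }.getOrNull()` followed by `if (referer != null && host != "mangadex.org" && host?.endsWith(".mangadex.org") != true) {`, which also rejects a Referer that does not parse. Requests without a Referer still pass and the header is client-supplied, so a comment such as `// Hotlink mitigation only: Referer is client-controlled and optional, not an access control` would keep later readers from relying on it. The 403 branch also returns without touching `snapshot`; if that is an open cache snapshot acquired above the hunk, it presumably needs to be closed on this path. The enclosing handler starts and ends outside the hunk, so that is worth confirming.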