terribleplan/mangadex_at_home
1
0
Fork 0
forked from gitlab-com-mangadex-pub/mangadex_at_home
Code Issues Pull requests Releases Wiki Activity

Added rudimentary support of Referer checking to mitigate hotlinking

Browse source
This commit is contained in:
Amos Ng 2020-06-29 06:08:00 +08:00
parent ccb526079c
commit 00e4ac20bb
No known key found for this signature in database
GPG key ID: 89086414F634D123
2 changed files with 6 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
CHANGELOG.md
View file

@ -8,6 +8,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
### Added ### Added
- [2020-06-23] Added Gitlab CI integration by [@lflare]. - [2020-06-23] Added Gitlab CI integration by [@lflare].
- [2020-06-28] Added `client_external_port setting` [@wedge1001]. - [2020-06-28] Added `client_external_port setting` [@wedge1001].
- [2020-06-29] Added rudimentary support of Referer checking to mitigate hotlinking by [@lflare].
### Changed ### Changed

6
src/main/kotlin/mdnet/base/server/ImageServer.kt
View file

@ -101,8 +101,12 @@ class ImageServer(private val cache: DiskLruCache, private val statistics: Atomi
} }
} }
val referer = request.header("Referer")
handled.set(true) handled.set(true)
if (snapshot != null && imageDatum != null) { if (referer != null && !referer.contains("mangadex.org")) {
Response(Status.FORBIDDEN)
} else if (snapshot != null && imageDatum != null) {
request.handleCacheHit(sanitizedUri, getRc4(rc4Bytes), snapshot, imageDatum) request.handleCacheHit(sanitizedUri, getRc4(rc4Bytes), snapshot, imageDatum)
.header("X-Uri", sanitizedUri) .header("X-Uri", sanitizedUri)
} else { } else {