Merge branch 'prevent-hotlinking' into 'master'
Added rudimentary support of Referer checking to mitigate hotlinking See merge request mangadex-pub/mangadex_at_home!41
This commit is contained in:
commit
63c810815f
|
@ -8,6 +8,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|||
### Added
|
||||
- [2020-06-23] Added Gitlab CI integration by [@lflare].
|
||||
- [2020-06-28] Added `client_external_port setting` [@wedge1001].
|
||||
- [2020-06-29] Added rudimentary support of Referer checking to mitigate hotlinking by [@lflare].
|
||||
|
||||
### Changed
|
||||
|
||||
|
|
|
@ -101,8 +101,16 @@ class ImageServer(private val cache: DiskLruCache, private val statistics: Atomi
|
|||
}
|
||||
}
|
||||
|
||||
val referer = request.header("Referer")
|
||||
|
||||
handled.set(true)
|
||||
if (snapshot != null && imageDatum != null) {
|
||||
if (referer != null && !referer.startsWith("https://mangadex.org")) {
|
||||
if (snapshot != null) {
|
||||
snapshot.close()
|
||||
}
|
||||
|
||||
Response(Status.FORBIDDEN)
|
||||
} else if (snapshot != null && imageDatum != null) {
|
||||
request.handleCacheHit(sanitizedUri, getRc4(rc4Bytes), snapshot, imageDatum)
|
||||
.header("X-Uri", sanitizedUri)
|
||||
} else {
|
||||
|
|
Loading…
Reference in a new issue