Fix proxying unsplash images (security)

This commit is contained in:
kolaente 2020-05-31 22:36:25 +02:00
parent 03ef48a0ae
commit d8a6acda96
No known key found for this signature in database
GPG key ID: F40E70337AB24C9B

View file

@ -20,10 +20,12 @@ import (
"code.vikunja.io/web/handler"
"github.com/labstack/echo/v4"
"net/http"
"strings"
)
func unsplashImage(url string, c echo.Context) error {
resp, err := http.Get(url)
// Replacing and appending the url for security reasons
resp, err := http.Get("https://images.unsplash.com/" + strings.Replace(url, "https://images.unsplash.com/", "", 1))
if err != nil {
return err
}