Add HTTPS check for ffmpeg and custom embeds
This commit is contained in:
Calvin Montgomery
parent
5f4e9076df
commit
e2abb90d14
6 changed files with 54 additions and 11 deletions
|
|
@ -414,3 +414,26 @@ exports.get = function (key) {
|
|||
|
||||
return obj[current];
|
||||
};
|
||||
|
||||
/**
|
||||
* Sets a configuration value with the given key
|
||||
*
|
||||
* Accepts a dot-separated key for nested values, e.g. "http.port"
|
||||
* Throws an error if a nonexistant key is requested
|
||||
*/
|
||||
exports.set = function (key, value) {
|
||||
var obj = cfg;
|
||||
var keylist = key.split(".");
|
||||
var current = keylist.shift();
|
||||
var path = current;
|
||||
while (keylist.length > 0) {
|
||||
if (!(current in obj)) {
|
||||
throw new Error("Nonexistant config key '" + path + "." + current + "'");
|
||||
}
|
||||
obj = obj[current];
|
||||
current = keylist.shift();
|
||||
path += "." + current;
|
||||
}
|
||||
|
||||
obj[current] = value;
|
||||
};
|
||||
|
|
|
|||
|
|
@ -44,6 +44,10 @@ function filterEmbed(tag) {
|
|||
"is allowed for <embed> tags.");
|
||||
}
|
||||
|
||||
if (!/^https:/.test(tag.attribs.src)) {
|
||||
throw new Error("Invalid embed. Embed source must be HTTPS, plain HTTP is not supported.");
|
||||
}
|
||||
|
||||
var meta = {
|
||||
embed: {
|
||||
tag: "object",
|
||||
|
|
@ -67,6 +71,10 @@ function filterObject(tag) {
|
|||
"is allowed for <object> tags.");
|
||||
}
|
||||
|
||||
if (!/^https:/.test(tag.attribs.data)) {
|
||||
throw new Error("Invalid embed. Embed source must be HTTPS, plain HTTP is not supported.");
|
||||
}
|
||||
|
||||
var meta = {
|
||||
embed: {
|
||||
tag: "object",
|
||||
|
|
@ -86,6 +94,10 @@ function filterObject(tag) {
|
|||
}
|
||||
|
||||
function filterIframe(tag) {
|
||||
if (!/^https:/.test(tag.attribs.src)) {
|
||||
throw new Error("Invalid embed. Embed source must be HTTPS, plain HTTP is not supported.");
|
||||
}
|
||||
|
||||
var meta = {
|
||||
embed: {
|
||||
tag: "iframe",
|
||||
|
|
|
|||
|
|
@ -40,7 +40,7 @@ function initFFLog() {
|
|||
}
|
||||
|
||||
function fixRedirectIfNeeded(urldata, redirect) {
|
||||
if (!/^https?:/.test(redirect)) {
|
||||
if (!/^https:/.test(redirect)) {
|
||||
redirect = urldata.protocol + "//" + urldata.host + redirect;
|
||||
}
|
||||
|
||||
|
|
@ -74,8 +74,8 @@ function translateStatusCode(statusCode) {
|
|||
function testUrl(url, cb, redirCount) {
|
||||
if (!redirCount) redirCount = 0;
|
||||
var data = urlparse.parse(url);
|
||||
if (!/https?:/.test(data.protocol)) {
|
||||
return cb("Only links starting with 'http://' or 'https://' are supported " +
|
||||
if (!/https:/.test(data.protocol)) {
|
||||
return cb("Only links starting with 'https://' are supported " +
|
||||
"for raw audio/video support");
|
||||
}
|
||||
|
||||
|
|
@ -315,9 +315,9 @@ exports.query = function (filename, cb) {
|
|||
return cb("Raw file playback is not enabled on this server");
|
||||
}
|
||||
|
||||
if (!filename.match(/^https?:\/\//)) {
|
||||
return cb("Raw file playback is only supported for links accessible via HTTP " +
|
||||
"or HTTPS. Ensure that the link begins with 'http://' or 'https://'");
|
||||
if (!filename.match(/^https:\/\//)) {
|
||||
return cb("Raw file playback is only supported for links accessible via HTTPS. " +
|
||||
"Ensure that the link begins with 'https://'.");
|
||||
}
|
||||
|
||||
testUrl(filename, function (err) {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue