Reject non-TLS URLs in HTTP File Upload (#1098)

* Reject non-TLS URLs in HTTP File Upload

This is a MUST in the XEP.

* Update 0363_http_file_upload.vala

Co-authored-by: fiaxh <fiaxh@users.noreply.github.com>
This commit is contained in:
linkmauve 2021-11-28 22:54:48 +01:00 committed by GitHub
parent e7500138a9
commit 905f93bccc
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -72,6 +72,11 @@ public class Module : XmppStreamModule {
Idle.add((owned) callback); Idle.add((owned) callback);
return; return;
} }
if (!url_get.down().has_prefix("https://") || !url_put.down().has_prefix("https://")) {
e = new HttpFileTransferError.SLOT_REQUEST("Error getting upload/download url: Received non-https URL from server");
Idle.add((owned) callback);
return;
}
slot_result.headers = new HashMap<string, string>(); slot_result.headers = new HashMap<string, string>();