mirror of
https://gitea.invidious.io/iv-org/invidious
synced 2024-12-22 22:38:19 +01:00
video_playback: Check "host" parameter validity
This commit is contained in:
parent
955e3de56d
commit
01135db80a
@ -14,12 +14,18 @@ module Invidious::Routes::VideoPlayback
|
||||
end
|
||||
|
||||
if query_params["host"]? && !query_params["host"].empty?
|
||||
host = "https://#{query_params["host"]}"
|
||||
host = query_params["host"]
|
||||
query_params.delete("host")
|
||||
else
|
||||
host = "https://r#{fvip}---#{mns.pop}.googlevideo.com"
|
||||
host = "r#{fvip}---#{mns.pop}.googlevideo.com"
|
||||
end
|
||||
|
||||
# Sanity check, to avoid being used as an open proxy
|
||||
if !host.matches?(/[\w-]+.googlevideo.com/)
|
||||
return error_template(400, "Invalid \"host\" parameter.")
|
||||
end
|
||||
|
||||
host = "https://#{host}"
|
||||
url = "/videoplayback?#{query_params}"
|
||||
|
||||
headers = HTTP::Headers.new
|
||||
|
Loading…
Reference in New Issue
Block a user