Sign media URLs to avoid becoming an open proxy

Signatures are valid for ~1 week.
2025-06-05 21:59:23 +02:00 · 2022-11-04 01:59:40 -07:00
parent 540b9d1470
commit a4cfd65009
4 changed files with 41 additions and 9 deletions
--- a/app/templates.py
+++ b/app/templates.py
@@ -60,12 +60,7 @@ def _filter_domain(text: str) -> str:
 def _media_proxy_url(url: str | None) -> str:
    if not url:
        return BASE_URL + "/static/nopic.png"
-
-    if url.startswith(BASE_URL):
-        return url
-
-    encoded_url = base64.urlsafe_b64encode(url.encode()).decode()
-    return BASE_URL + f"/proxy/media/{encoded_url}"
+    return proxied_media_url(url)


 def is_current_user_admin(request: Request) -> bool: