mirror of
https://github.com/gradio-app/gradio.git
synced 2025-01-24 10:54:04 +08:00
Fix SSRF vulnerability on /file=
route (#6794)
* ssrf * add changeset * awaits * checkout --------- Co-authored-by: gradio-pr-bot <gradio-pr-bot@users.noreply.github.com>
parent
dc131b64f0
commit
7ba8c5da45
5
.changeset/rich-dragons-clap.md
Normal file
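--- a/.changeset/rich-dragons-clap.md
+++ b/.changeset/rich-dragons-clap.md
@@ -0,0 +1,5 @@
+---
+"gradio": minor
+---
+
+feat:Fix SSRF vulnerability on `/file=` route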
@ -433,7 +433,7 @@ class App(FastAPI):
|
||||
@app.get("/file={path_or_url:path}", dependencies=[Depends(login_check)])
|
||||
async def file(path_or_url: str, request: fastapi.Request):
|
||||
blocks = app.get_blocks()
|
||||
if utils.validate_url(path_or_url):
|
||||
if client_utils.is_http_url_like(path_or_url):
|
||||
return RedirectResponse(
|
||||
url=path_or_url, status_code=status.HTTP_302_FOUND
|
||||
)
|
||||
|
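Review bot: The redirect target in `file()` is still caller-controlled: any value that passes `client_utils.is_http_url_like(path_or_url)` is sent back in a 302 with no allowlist, so the route can act as an open redirect. The page lost its +/- markers, so this assumes the `is_http_url_like` line is the new side and that the replaced `utils.validate_url` check was what contacted the URL from the server. If redirecting to arbitrary hosts is intended, record that next to the branch, e.g. `# Never fetch or probe path_or_url server-side (SSRF); the client follows the redirect itself.`; otherwise restrict the redirect to URLs the app itself issued. The body of `file()` continues past the end of the hunk.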