Fix SSRF vulnerability on /file= route (#6794)

* ssrf

* add changeset

* awaits

* checkout

---------

Co-authored-by: gradio-pr-bot <gradio-pr-bot@users.noreply.github.com>
Abubakar Abid 2023-12-14 14:10:24 -08:00 committed by GitHub
parent dc131b64f0
commit 7ba8c5da45
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 6 additions and 1 deletions


@ -0,0 +1,5 @@
---
"gradio": minor
---
feat:Fix SSRF vulnerability on `/file=` route


@ -433,7 +433,7 @@ class App(FastAPI):
@app.get("/file={path_or_url:path}", dependencies=[Depends(login_check)])
async def file(path_or_url: str, request: fastapi.Request):
blocks = app.get_blocks()
if utils.validate_url(path_or_url):
if client_utils.is_http_url_like(path_or_url):
return RedirectResponse(
url=path_or_url, status_code=status.HTTP_302_FOUND
)
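Review bot: The branch guarded by `if client_utils.is_http_url_like(path_or_url):` still passes any caller-supplied http(s) URL straight to `RedirectResponse`, so the route keeps behaving as an open redirect unless the destination is restricted somewhere outside this hunk. The swap away from `utils.validate_url` presumably removes a server-side request to that URL, and a comment on the new line would stop a later refactor from bringing it back: `# Syntactic check only: never make a server-side request to path_or_url here (SSRF).` The commit lists two changed files, the changeset and this one, so no regression test accompanies the fix; a test asserting that `/file=<http url>` answers with a 302 while no outbound request is made would pin the behaviour. The body of `file` continues past the end of the hunk, so any later handling of `path_or_url` is not visible here.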