Fully deprecate /api/v4/image endpoint when image proxy is disabled (#27595)

Co-authored-by: Mattermost Build <build@mattermost.com>

server/channels/api4/image.go

@@ -37,10 +37,17 @@ func getImage(c *Context, w http.ResponseWriter, r *http.Request) {
 		parsedURL.Host = siteURL.Host
 	}
 
-	// in case image proxy is enabled and we are fetching a remote image (NOT static or served by plugins), pass request to proxy
-	if *c.App.Config().ImageProxySettings.Enable && parsedURL.Host != siteURL.Host {
-		c.App.ImageProxy().GetImage(w, r, parsedURL.String())
-	} else {
-		http.Redirect(w, r, parsedURL.String(), http.StatusFound)
+	if *c.App.Config().ImageProxySettings.Enable {
+		// in case image proxy is enabled and we are fetching a remote image (NOT static or served by plugins), pass request to proxy
+		if parsedURL.Host != siteURL.Host {
+			c.App.ImageProxy().GetImage(w, r, parsedURL.String())
+		} else {
+			// Otherwise we redirect.
+			http.Redirect(w, r, parsedURL.String(), http.StatusFound)
+		}
+		return
 	}
+
+	// When proxy disabled this endpoint should fail as we don't support redirecting to external images any longer (MM-54477).
+	c.Err = model.NewAppError("getImage", "api.image.get.app_error", nil, "", http.StatusBadRequest)
 }

server/channels/api4/image_test.go

@@ -37,10 +37,10 @@ func TestGetImage(t *testing.T) {
 		require.NoError(t, err)
 		r.Header.Set(model.HeaderAuth, th.Client.AuthType+" "+th.Client.AuthToken)
 
+		// External images should not be allowed through this endpoint when proxy is disabled.
 		resp, err := th.Client.HTTPClient.Do(r)
 		require.NoError(t, err)
-		assert.Equal(t, http.StatusFound, resp.StatusCode)
-		assert.Equal(t, imageURL, resp.Header.Get("Location"))
+		assert.Equal(t, http.StatusBadRequest, resp.StatusCode)
 	})
 
 	t.Run("atmos/camo", func(t *testing.T) {