Fully deprecate /api/v4/image endpoint when image proxy is disabled (#27595)

Co-authored-by: Mattermost Build <build@mattermost.com>
This commit is contained in:
Claudio Costa 2024-08-05 12:33:09 +02:00 committed by GitHub
parent 1158e6358c
commit f290745496
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 14 additions and 7 deletions

View File

@ -37,10 +37,17 @@ func getImage(c *Context, w http.ResponseWriter, r *http.Request) {
parsedURL.Host = siteURL.Host
}
// in case image proxy is enabled and we are fetching a remote image (NOT static or served by plugins), pass request to proxy
if *c.App.Config().ImageProxySettings.Enable && parsedURL.Host != siteURL.Host {
c.App.ImageProxy().GetImage(w, r, parsedURL.String())
} else {
http.Redirect(w, r, parsedURL.String(), http.StatusFound)
if *c.App.Config().ImageProxySettings.Enable {
// in case image proxy is enabled and we are fetching a remote image (NOT static or served by plugins), pass request to proxy
if parsedURL.Host != siteURL.Host {
c.App.ImageProxy().GetImage(w, r, parsedURL.String())
} else {
// Otherwise we redirect.
http.Redirect(w, r, parsedURL.String(), http.StatusFound)
}
return
}
// When proxy disabled this endpoint should fail as we don't support redirecting to external images any longer (MM-54477).
c.Err = model.NewAppError("getImage", "api.image.get.app_error", nil, "", http.StatusBadRequest)
}

View File

@ -37,10 +37,10 @@ func TestGetImage(t *testing.T) {
require.NoError(t, err)
r.Header.Set(model.HeaderAuth, th.Client.AuthType+" "+th.Client.AuthToken)
// External images should not be allowed through this endpoint when proxy is disabled.
resp, err := th.Client.HTTPClient.Do(r)
require.NoError(t, err)
assert.Equal(t, http.StatusFound, resp.StatusCode)
assert.Equal(t, imageURL, resp.Header.Get("Location"))
assert.Equal(t, http.StatusBadRequest, resp.StatusCode)
})
t.Run("atmos/camo", func(t *testing.T) {