diff options
author | Martin Herkt <lachs0r@srsfckn.biz> | 2017-10-30 05:36:03 +0100 |
---|---|---|
committer | Martin Herkt <lachs0r@srsfckn.biz> | 2017-10-30 05:36:03 +0100 |
commit | b2d830e2aaca9344593c9dc40c06b3713ccc1b5e (patch) | |
tree | a184304ca750307b36778db09864e25844e39ab9 | |
parent | 04b46bd01a78c19f8b0a0189f0b30f554cd62691 (diff) |
store_url: only accept identity content encoding
Some servers (like IPFS gateways) will use chunked transfer encoding on
anything but identity content encoding. Also, probably fix a potential
zip bomb vulnerability.
-rwxr-xr-x | fhost.py | 3 |
1 files changed, 2 insertions, 1 deletions
@@ -234,7 +234,8 @@ def store_url(url, addr): if is_fhost_url(url): return segfault(508) - r = requests.get(url, stream=True, verify=False) + h = { "Accept-Encoding" : "identity" } + r = requests.get(url, stream=True, verify=False, headers=h) try: r.raise_for_status() |