store_url: only accept identity content encoding

Some servers (like IPFS gateways) will use chunked transfer encoding on anything but identity content encoding. Also, probably fix a potential zip bomb vulnerability.
author: Martin Herkt <lachs0r@srsfckn.biz> 2017-10-30 05:36:03 +0100
committer: Martin Herkt <lachs0r@srsfckn.biz> 2017-10-30 05:36:03 +0100
commit: b2d830e2aaca9344593c9dc40c06b3713ccc1b5e (patch)
tree: a184304ca750307b36778db09864e25844e39ab9
parent: 04b46bd01a78c19f8b0a0189f0b30f554cd62691 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/fhost.py b/fhost.py
index 75986bc..283c9a2 100755
--- a/fhost.py
+++ b/fhost.py
@@ -234,7 +234,8 @@ def store_url(url, addr):
     if is_fhost_url(url):
         return segfault(508)
 
-    r = requests.get(url, stream=True, verify=False)
+    h = { "Accept-Encoding" : "identity" }
+    r = requests.get(url, stream=True, verify=False, headers=h)
 
     try:
         r.raise_for_status()
author	Martin Herkt <lachs0r@srsfckn.biz>	2017-10-30 05:36:03 +0100
committer	Martin Herkt <lachs0r@srsfckn.biz>	2017-10-30 05:36:03 +0100
commit	b2d830e2aaca9344593c9dc40c06b3713ccc1b5e (patch)
tree	a184304ca750307b36778db09864e25844e39ab9
parent	04b46bd01a78c19f8b0a0189f0b30f554cd62691 (diff)