_Bastler/partey_workadventure
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

hotfix

Browse Source
This commit is contained in:
_Bastler
2021-07-29 18:50:22 +02:00
parent 1c783d3769
commit cd961dc1cc
1 changed files with 3 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
back/src/Services/MapFetcher.ts
+3 -4
View File
@@ -10,9 +10,9 @@ class MapFetcher {
async fetchMap(mapUrl: string): Promise<ITiledMap> { async fetchMap(mapUrl: string): Promise<ITiledMap> {
// Before trying to make the query, let's verify the map is actually on the open internet (and not a local test map) // Before trying to make the query, let's verify the map is actually on the open internet (and not a local test map)
if (await this.isLocalUrl(mapUrl)) { //if (await this.isLocalUrl(mapUrl)) {
throw new LocalUrlError('URL for map "' + mapUrl + '" targets a local map'); throw new LocalUrlError('URL for map "' + mapUrl + '" targets a local map');
} //}
// Note: mapUrl is provided by the client. A possible attack vector would be to use a rogue DNS server that // Note: mapUrl is provided by the client. A possible attack vector would be to use a rogue DNS server that
// returns local URLs. Alas, Axios cannot pin a URL to a given IP. So "isLocalUrl" and Axios.get could potentially // returns local URLs. Alas, Axios cannot pin a URL to a given IP. So "isLocalUrl" and Axios.get could potentially
@@ -27,8 +27,7 @@ class MapFetcher {
}); });
if (!isTiledMap(res.data)) { if (!isTiledMap(res.data)) {
// HOTFIX ignore throw new Error("Invalid map format for map " + mapUrl);
// throw new Error("Invalid map format for map " + mapUrl);
} }
return res.data; return res.data;