_Bastler 2021-07-29 18:50:22 +02:00
parent 1c783d3769
commit cd961dc1cc


@ -10,9 +10,9 @@ class MapFetcher {
async fetchMap(mapUrl: string): Promise<ITiledMap> {
// Before trying to make the query, let's verify the map is actually on the open internet (and not a local test map)
if (await this.isLocalUrl(mapUrl)) {
//if (await this.isLocalUrl(mapUrl)) {
throw new LocalUrlError('URL for map "' + mapUrl + '" targets a local map');
}
//}
// Note: mapUrl is provided by the client. A possible attack vector would be to use a rogue DNS server that
// returns local URLs. Alas, Axios cannot pin a URL to a given IP. So "isLocalUrl" and Axios.get could potentially
@ -27,8 +27,7 @@ class MapFetcher {
});
if (!isTiledMap(res.data)) {
// HOTFIX ignore
// throw new Error("Invalid map format for map " + mapUrl);
throw new Error("Invalid map format for map " + mapUrl);
}
return res.data;
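Review bot: In the first hunk of `fetchMap`, the `throw new LocalUrlError(...)` line stays live between the commented-out `//if (await this.isLocalUrl(mapUrl)) {` and `//}`, so if those commented lines are the new side (the +/- markers are lost on this page) every call throws before the request is made. Commenting the guard out also removes the only check visible here that stops a client-supplied `mapUrl` from making the server fetch from internal addresses, which the comment just below already treats as an attack vector. If local maps must be allowed on a self-hosted instance, keep the check and gate it behind an explicit opt-in, for example `if (!allowLocalMaps && (await this.isLocalUrl(mapUrl))) {`, where `allowLocalMaps` is a placeholder for a configuration value this page does not show, and leave the closing `}` in place. The body of `fetchMap` continues outside both hunks, so how the request itself is made cannot be checked from here.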