Mirrors/thelounge
2
0
Fork 0
mirror of https://github.com/thelounge/thelounge synced 2025-02-16 21:28:23 +00:00
Code Issues Projects Releases Packages Wiki Activity

linkPreviews: Enforce TLS validity

Browse source 
When a URL is prefixed with a TLS scheme, we should make sure
that the remote provides a valid cert, even just for prefetches.
Else MITM of such a site is trivial.

This probably breaks some people with self signed cert, but the
age where that was acceptable is past. We have free CAs now like
Let's Encrypt.
This commit is contained in:
Reto Brunner 2022-08-06 12:37:51 +02:00
parent 11f7ae98be
commit 621fa92036
1 changed files with 0 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
server/plugins/irc-events/link.ts
View file

@ -437,9 +437,6 @@ function fetch(uri: string, headers: Record<string, string>) {
retry: 0,
timeout: prefetchTimeout || 5000, // milliseconds
headers: getRequestHeaders(headers),
https: {
rejectUnauthorized: false,
},
});
gotStream