Tigase Forge
Dashboards
Projects
Pull Requests
Issues
Builds
Packages
Code Search
beagle-im
Code
Pull Requests
Issues
List
Boards
Iterations
Builds
Statistics
Child Projects
OneDev 10.9.4
Documentation Support & Bug Report RESTful API Incompatibilities License Agreement Check Update
Projects tigase _clients beagle-im Issues #172
Beagle checks received URL (#172)
Closed
Bartosz Małkowski opened 5 years ago

Beagle shouldn't check all URLs received in chat. it is very insecure (easy way to track user, identify his IP, or something else). Also, if I receive one-time URL, then beagle immediately invalidates it.

My suggestions:

  1. check only urls with image file extension
  2. add configuration option to make this image download optional
Andrzej Wójcik (Tigase) commented 5 years ago

@bmalkow could you check if there is a way to detect if this is a one time url or not? Is one time url only for GET requests or it is invalidated by HEAD request as well?
Andrzej Wójcik (Tigase) commented 5 years ago

Or maybe you could point me to the service which generates one time URLs so I could look into that issue.
Andrzej Wójcik (Tigase) commented 5 years ago

There is currently an option to set image preview max size. If set to 0, then Beagle is not checking the URLs
Bartosz Małkowski commented 5 years ago

It was just a hypothetical example with one time url. But for sure, when someone sent me URL to some service, immediately in this services log was entry with the url.
Andrzej Wójcik (Tigase) commented 4 years ago

This should be now fixed.
issue 1 of 1
Type
Bug
Priority
Normal
Assignee
Andrzej Wójcik (Tigase)
Version
4.0
Issue Votes (0)
Login to vote
Watchers (0)
Reference
tigase/_clients/beagle-im#172
Please wait...
Page is in error, reload to recover