Reject non-TLS URLs in HTTP File Upload (#1098)
* Reject non-TLS URLs in HTTP File Upload This is a MUST in the XEP. * Update 0363_http_file_upload.vala Co-authored-by: fiaxh <fiaxh@users.noreply.github.com>
This commit is contained in:
parent
e7500138a9
commit
905f93bccc
|
@ -72,6 +72,11 @@ public class Module : XmppStreamModule {
|
|||
Idle.add((owned) callback);
|
||||
return;
|
||||
}
|
||||
if (!url_get.down().has_prefix("https://") || !url_put.down().has_prefix("https://")) {
|
||||
e = new HttpFileTransferError.SLOT_REQUEST("Error getting upload/download url: Received non-https URL from server");
|
||||
Idle.add((owned) callback);
|
||||
return;
|
||||
}
|
||||
|
||||
slot_result.headers = new HashMap<string, string>();
|
||||
|
||||
|
|
Loading…
Reference in a new issue