mirror of
https://github.com/advplyr/audiobookshelf.git
synced 2025-02-19 00:18:56 +01:00
f460297daf
Re: #3142 and #3658 When adding certain podcasts, the server encountered a redirect from an HTTP URL to an HTTPS domain, causing an error that was difficult for end users to diagnose without inspecting logs or HTML. This issue arose due to SSRF security measures that blocked such redirects. Instead of failing in these cases, we now detect when the error is caused by an HTTP-to-HTTPS upgrade. If confirmed, we upgrade the initial URL to HTTPS and resend the request. Since this change does not allow cross-protocol or cross-domain redirections, it remains secure while resolving most of the reported issues. Affected podcasts that are now fixed: - D&D is for Nerds - The New Yorker: The Writer's Voice - New Fiction from The New Yorker - Radiolab |
||
|---|---|---|
| .. | ||
| controllers | ||
| finders | ||
| libs | ||
| managers | ||
| migrations | ||
| models | ||
| objects | ||
| providers | ||
| routers | ||
| scanner | ||
| utils | ||
| Auth.js | ||
| Database.js | ||
| Logger.js | ||
| Server.js | ||
| SocketAuthority.js | ||
| Watcher.js | ||