Drop media proxy same-domain default for base_url

Even more than with user uploads, a same-domain proxy setup bears significant security risks due to serving untrusted content under the main domain space. A risky setup like that should never be the default.
2024-11-09 09:52:13 +00:00 · 2024-03-10 18:57:40 +00:00 · 2024-03-10 18:57:40 +00:00 · fc36b04016
parent 11ae8344eb
commit fc36b04016
2 changed files with 23 additions and 6 deletions
--- a/docs/docs/configuration/howto_mediaproxy.md
+++ b/docs/docs/configuration/howto_mediaproxy.md
@ -6,7 +6,16 @@ With the `mediaproxy` function you can use nginx to cache this content, so users

 ## Activate it

-* Edit your nginx config and add the following location: 
+* Edit your nginx config and add the following location to your main server block:
+```
+location /proxy {
+        return 404;
+}
+```
+
+* Set up a subdomain for the proxy with its nginx config on the same machine
+  *(the latter is not strictly required, but for simplicity we’ll assume so)*
+* In this subdomain’s server block add
 ```
 location /proxy {
        proxy_cache akkoma_media_cache;
@ -26,9 +35,9 @@ config :pleroma, :media_proxy,
      enabled: true,
      proxy_opts: [
            redirect_on_failure: true
-      ]
-      #base_url: "https://cache.akkoma.social"
+      ],
+      base_url: "https://cache.akkoma.social"
 ```
-If you want to use a subdomain to serve the files, uncomment `base_url`, change the url and add a comma after `true` in the previous line.
+You **really** should use a subdomain to serve proxied files; while we will fix bugs resulting from this, serving arbitrary remote content on your main domain namespace is a significant attack surface.

 * Restart nginx and Akkoma
--- a/lib/pleroma/web/media_proxy.ex
+++ b/lib/pleroma/web/media_proxy.ex
@ -14,6 +14,8 @@ defmodule Pleroma.Web.MediaProxy do

  @cachex Pleroma.Config.get([:cachex, :provider], Cachex)

+  @mix_env Mix.env()
+
  def cache_table, do: @cache_table

  @spec in_banned_urls(String.t()) :: boolean()
@ -144,8 +146,14 @@ defmodule Pleroma.Web.MediaProxy do
    if path = URI.parse(url_or_path).path, do: Path.basename(path)
  end

-  def base_url do
-    Config.get([:media_proxy, :base_url], Endpoint.url())
+  if @mix_env == :test do
+    def base_url do
+      Config.get([:media_proxy, :base_url], Endpoint.url())
+    end
+  else
+    def base_url do
+      Config.get!([:media_proxy, :base_url])
+    end
  end

  defp proxy_url(path, sig_base64, url_base64, filename) do