diff --git a/src/api/client_server/media.rs b/src/api/client_server/media.rs
index 7c5375c3717ccab8c57ba194013404bb08b9c0e1..cb2de353618527e3922e76136475d6a26dff1ee9 100644
--- a/src/api/client_server/media.rs
+++ b/src/api/client_server/media.rs
@@ -432,7 +432,7 @@ fn url_request_allowed(addr: &IpAddr) -> bool {
}
async fn request_url_preview(url: &str) -> Result<UrlPreviewData> {
- let client = services().globals.default_client();
+ let client = services().globals.url_preview_client();
let response = client.head(url).send().await?;
if !response
diff --git a/src/service/globals/mod.rs b/src/service/globals/mod.rs
index e1173f6f38159fb6dbe1c22126ddc31231121af1..b3f0557fa4af426f7ad6b7594dda5edf5b1fc4cc 100644
--- a/src/service/globals/mod.rs
+++ b/src/service/globals/mod.rs
@@ -62,6 +62,7 @@ pub struct Service<'a> {
keypair: Arc<ruma::signatures::Ed25519KeyPair>,
dns_resolver: TokioAsyncResolver,
jwt_decoding_key: Option<jsonwebtoken::DecodingKey>,
+ url_preview_client: reqwest::Client,
federation_client: reqwest::Client,
default_client: reqwest::Client,
pub stable_room_versions: Vec<RoomVersionId>,
@@ -171,6 +172,7 @@ pub fn load(db: &'static dyn Data, config: Config) -> Result<Self> {
.as_ref()
.map(|secret| jsonwebtoken::DecodingKey::from_secret(secret.as_bytes()));
+ let url_preview_client = url_preview_reqwest_client_builder(&config)?.build()?;
let default_client = reqwest_client_builder(&config)?.build()?;
let federation_client = reqwest_client_builder(&config)?
.dns_resolver(Arc::new(Resolver::new(tls_name_override.clone())))
@@ -212,6 +214,7 @@ pub fn load(db: &'static dyn Data, config: Config) -> Result<Self> {
})?,
actual_destination_cache: Arc::new(RwLock::new(WellKnownMap::new())),
tls_name_override,
+ url_preview_client,
federation_client,
default_client,
jwt_decoding_key,
@@ -250,6 +253,13 @@ pub fn keypair(&self) -> &ruma::signatures::Ed25519KeyPair {
&self.keypair
}
+ /// Returns a reqwest client which can be used to send requests for URL previews
+ /// This is the same as `default_client()` except a redirect policy of max 2 is set
+ pub fn url_preview_client(&self) -> reqwest::Client {
+ // Client is cheap to clone (Arc wrapper) and avoids lifetime issues
+ self.url_preview_client.clone()
+ }
+
/// Returns a reqwest client which can be used to send requests
pub fn default_client(&self) -> reqwest::Client {
// Client is cheap to clone (Arc wrapper) and avoids lifetime issues
@@ -596,3 +606,32 @@ fn reqwest_client_builder(config: &Config) -> Result<reqwest::ClientBuilder> {
Ok(reqwest_client_builder)
}
+
+fn url_preview_reqwest_client_builder(config: &Config) -> Result<reqwest::ClientBuilder> {
+ // for security reasons (e.g. malicious open redirect), we do not want to follow too many redirects when generating URL previews.
+ // let's keep it at least 2 to account for HTTP -> HTTPS upgrades, if it becomes an issue we can consider raising it to 3.
+ let redirect_policy = reqwest::redirect::Policy::custom(|attempt| {
+ if attempt.previous().len() > 2 {
+ attempt.error("Too many redirects (max is 2)")
+ } else {
+ attempt.follow()
+ }
+ });
+
+ let mut reqwest_client_builder = reqwest::Client::builder()
+ .pool_max_idle_per_host(0)
+ .connect_timeout(Duration::from_secs(60))
+ .timeout(Duration::from_secs(60 * 5))
+ .redirect(redirect_policy)
+ .user_agent(concat!(
+ env!("CARGO_PKG_NAME"),
+ "/",
+ env!("CARGO_PKG_VERSION")
+ ));
+
+ if let Some(proxy) = config.proxy.to_proxy()? {
+ reqwest_client_builder = reqwest_client_builder.proxy(proxy);
+ }
+
+ Ok(reqwest_client_builder)
+}