fix: harden SSRF protection for unauthenticated and user-level endpoints
- Add ValidateURLWithFetchSetting check before fetching MJ image URLs in RelayMidjourneyImage (unauthenticated endpoint) - Add ValidateURLWithFetchSetting check before fetching video URLs in VideoProxy (upstream-controlled URL) - Enable ApplyIPFilterForDomain by default to prevent DNS rebinding bypass of SSRF protection - Elevate FetchModels endpoint from AdminAuth to RootAuth - Update frontend: mark domain IP filtering as recommended, update description and i18n translations (zh-CN/zh-TW/en/fr/ja/ru/vi)
This commit is contained in:
@@ -108,7 +108,7 @@ const SystemSetting = () => {
|
||||
'fetch_setting.domain_list': [],
|
||||
'fetch_setting.ip_list': [],
|
||||
'fetch_setting.allowed_ports': [],
|
||||
'fetch_setting.apply_ip_filter_for_domain': false,
|
||||
'fetch_setting.apply_ip_filter_for_domain': true,
|
||||
});
|
||||
|
||||
const [originInputs, setOriginInputs] = useState({});
|
||||
@@ -847,7 +847,7 @@ const SystemSetting = () => {
|
||||
}
|
||||
style={{ marginBottom: 8 }}
|
||||
>
|
||||
{t('对域名启用 IP 过滤(实验性)')}
|
||||
{t('对域名启用 IP 过滤(推荐开启)')}
|
||||
</Form.Checkbox>
|
||||
<Text strong>
|
||||
{t(domainFilterMode ? '域名白名单' : '域名黑名单')}
|
||||
|
||||
Reference in New Issue
Block a user