validate SSL certs by default (#692)
Required for integrations (GitHub, Twitter, etc.) but deliberately disabled when fetching titles.
parent
d0d2c9b1f9
commit
1d9669491c
|
@ -915,6 +915,9 @@ class Story < ApplicationRecord
|
|||
begin
|
||||
s = Sponge.new
|
||||
s.timeout = 3
|
||||
# User submitted URLs may have an incorrect https certificate, but we
|
||||
# don't want to fail the retrieval for this. Security risk is minimal.
|
||||
s.ssl_verify = false
|
||||
user_agent = { "User-agent" => "#{Rails.application.domain} for #{fetching_ip}" }
|
||||
@fetched_content = s.fetch(url, :get, nil, nil, user_agent, 3).body.force_encoding('utf-8')
|
||||
rescue
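Review bot: The comment above `s.ssl_verify = false` asserts that the security risk is minimal without giving the reason, and the claim only holds while the fetched body is treated as untrusted. With verification off, anyone on the network path can substitute the response, so `@fetched_content` should feed nothing beyond what the commit message describes (title fetching). I would spell that out, e.g. `# Verification is off, so treat @fetched_content as attacker-controlled; presumably it only feeds the suggested title.` The same unexplained "security risk is minimal" wording appears in the `send_webmention` hunk and deserves the same treatment. The `begin`/`rescue` block continues outside the hunk.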
|
||||
|
|
|
@ -40,7 +40,7 @@ class Sponge
|
|||
MAX_TIME = 60
|
||||
MAX_DNS_TIME = 5
|
||||
|
||||
attr_accessor :debug, :last_res, :timeout
|
||||
attr_accessor :debug, :last_res, :timeout, :ssl_verify
|
||||
|
||||
# rfc3330
|
||||
BAD_NETS = [
|
||||
|
@ -60,12 +60,14 @@ class Sponge
|
|||
# old api
|
||||
def self.fetch(url, headers = {}, limit = 10)
|
||||
s = Sponge.new
|
||||
s.ssl_verify = false # backward compatibility
|
||||
s.fetch(url, "get", nil, nil, headers, limit)
|
||||
end
|
||||
|
||||
def initialize
|
||||
@cookies = {}
|
||||
@timeout = MAX_TIME
|
||||
@ssl_verify = OpenSSL::SSL::VERIFY_PEER
|
||||
end
|
||||
|
||||
def set_cookie(host, name, val)
|
||||
|
@ -156,7 +158,7 @@ class Sponge
|
|||
host.use_ssl = true
|
||||
host.address = uri.host
|
||||
host.custom_conn_address = ip.to_s
|
||||
host.verify_mode = OpenSSL::SSL::VERIFY_NONE
|
||||
host.verify_mode = self.ssl_verify ? OpenSSL::SSL::VERIFY_PEER : OpenSSL::SSL::VERIFY_NONE
|
||||
end
|
||||
|
||||
send_headers = headers.dup
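Review bot: `Sponge.fetch`, the "old api" class method, still sets `s.ssl_verify = false`, so every caller that goes through it stays unverified despite the new default. Whether the integrations named in the commit message use that entry point cannot be confirmed from this page, so it is worth checking the call sites. Separately, `initialize` stores `OpenSSL::SSL::VERIFY_PEER` (an Integer) while callers assign `false`, and the `verify_mode` ternary treats the value as a boolean. Every Integer is truthy in Ruby, so assigning `OpenSSL::SSL::VERIFY_NONE` would leave verification on. That fails closed, but `@ssl_verify = true` plus a comment on the accessor such as `# ssl_verify: boolean, true verifies the peer certificate` would make the contract unambiguous.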
|
||||
|
|
|
@ -58,6 +58,9 @@ end
|
|||
def send_webmention(source, target, endpoint)
|
||||
sp = Sponge.new
|
||||
sp.timeout = 10
|
||||
# Don't check SSL certificate here for backward compatibility, security risk
|
||||
# is minimal.
|
||||
sp.ssl_verify = false
|
||||
sp.fetch(endpoint.to_s, :post, {
|
||||
"source" => URI.encode_www_form_component(source),
|
||||
"target" => URI.encode_www_form_component(target),
|
||||
|
|