CVE-2022-4691: feat: add secure middleware (#832) · usememos/memos@c07b4a5

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.

@@ -7,7 +7,6 @@ import (

“net/http”

“net/url”

“strconv”

“strings”

“time”

“github.com/usememos/memos/api”
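Review bot: the hunk header (`-7,7 +7,6`) shows one import being dropped, but the rendered view has lost the `+`/`-` markers, so the removed line is not visible here. The second hunk removes the only `strings.HasPrefix` call in view, so the dropped import is presumably `"strings"`; confirm that nothing else in this file still references `strings` (a remaining use would fail to compile) and that `"net/url"` and `"strconv"`, which stay in the block, are still used, since Go rejects unused imports as well.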

@@ -263,11 +262,7 @@ func (s *Server) registerResourcePublicRoutes(g *echo.Group) {

return echo.NewHTTPError(http.StatusInternalServerError, fmt.Sprintf("Failed to fetch resource ID: %v", resourceID)).SetInternal(err)

}

if strings.HasPrefix(resource.Type, echo.MIMETextHTML) {

c.Response().Writer.Header().Set("Content-Type", echo.MIMETextPlain)

} else {

c.Response().Writer.Header().Set("Content-Type", resource.Type)

}

c.Response().Writer.Header().Set("Content-Type", resource.Type)

c.Response().Writer.WriteHeader(http.StatusOK)

c.Response().Writer.Header().Set(echo.HeaderCacheControl, “max-age=31536000, immutable”)

if _, err := c.Response().Writer.Write(resource.Blob); err != nil {
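Review bot: this hunk removes the `text/html` to `text/plain` downgrade for uploaded resources. The `+`/`-` markers were lost in rendering, but the header counts (11 lines to 7) match the five-line `if strings.HasPrefix(resource.Type, echo.MIMETextHTML) { ... }` block being replaced by the single `c.Response().Writer.Header().Set("Content-Type", resource.Type)`. Serving a user-supplied blob with its own `Content-Type` is exactly the stored XSS path the advisory describes, so this change has to be reviewed together with the secure middleware the commit title refers to: if that middleware only adds headers such as `X-Content-Type-Options: nosniff`, a resource that declares itself `text/html` still renders as HTML, and either the downgrade or a Content-Security-Policy that blocks script execution on this route should remain. Separately, `Header().Set(echo.HeaderCacheControl, ...)` runs after `WriteHeader(http.StatusOK)`; in net/http, header changes made after `WriteHeader` are not sent, so the `Cache-Control` line is a no-op and should move above the `WriteHeader` call.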

Related news

GHSA-97rc-mm5j-f6rj: usememos/memos vulnerable to stored Cross-site Scripting