TheKodeToad
2025-12-13 22:53:05 +00:00
committed by GitHub


@@ -172,13 +172,17 @@ void APIPage::applySettings()
path.append('/');
resourceURL.setPath(path);
}
auto isLocalhost = [](const QUrl& url) { return url.host() == "localhost" || url.host() == "127.0.0.1" || url.host() == "::1"; };
auto isUnsafe = [isLocalhost](const QUrl& url) { return !url.isEmpty() && url.scheme() == "http" && !isLocalhost(url); };
// Don't allow HTTP, since meta is basically RCE with all the jar files.
if (!metaURL.isEmpty() && metaURL.scheme() == "http") {
if (isUnsafe(metaURL)) {
metaURL.setScheme("https");
}
// Also don't allow HTTP
if (!resourceURL.isEmpty() && resourceURL.scheme() == "http") {
if (isUnsafe(resourceURL)) {
resourceURL.setScheme("https");
}
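Review bot: The two comments kept above the checks (`// Don't allow HTTP, since meta is basically RCE with all the jar files.` and `// Also don't allow HTTP`) no longer describe the code, because plain HTTP is now accepted when the host is one of the three loopback spellings in `isLocalhost`. I would reword the first to something like `// Only allow plain HTTP to loopback hosts: meta can deliver jar files, so a tampered response amounts to code execution.` and the second to `// Same rule for the resource URL.` The exemption also trusts the name `localhost`, which is only loopback if the system resolver maps it there; that is presumably the case on a stock machine, but it deserves a short comment next to the lambda. For the literal-address cases, `QHostAddress(url.host()).isLoopback()` would cover the whole 127.0.0.0/8 range as well as `::1` instead of two hard-coded strings. applySettings() starts and ends outside this hunk, so how the rewritten URLs are stored afterwards is not visible here.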