Skip to content

Commit

Permalink
chore: change 'Accounts_AvatarBlockUnauthenticatedAccess' default val…
Browse files Browse the repository at this point in the history
…ue from false to true (#33035)
  • Loading branch information
julio-cfa authored Aug 16, 2024
1 parent 17f3d5e commit 9048692
Show file tree
Hide file tree
Showing 2 changed files with 13 additions and 4 deletions.
15 changes: 12 additions & 3 deletions apps/meteor/server/routes/avatar/middlewares/auth.js
Original file line number Diff line number Diff line change
@@ -1,11 +1,20 @@
import { userCanAccessAvatar } from '../utils';
import { userCanAccessAvatar, renderSVGLetters } from '../utils';

// protect all avatar endpoints
export const protectAvatars = async (req, res, next) => {
if (!(await userCanAccessAvatar(req))) {
res.writeHead(403);
res.write('Forbidden');
let roomOrUsername;

if (req.url.startsWith('/room')) {
roomOrUsername = req.url.split('/')[2] || 'Room';
} else {
roomOrUsername = req.url.split('/')[1] || 'Anonymous';
}

res.writeHead(200, { 'Content-Type': 'image/svg+xml' });
res.write(renderSVGLetters(roomOrUsername, 200));
res.end();

return;
}

Expand Down
2 changes: 1 addition & 1 deletion apps/meteor/server/settings/accounts.ts
Original file line number Diff line number Diff line change
Expand Up @@ -760,7 +760,7 @@ export const createAccountSettings = () =>
i18nDescription: 'Accounts_AvatarCacheTime_description',
});

await this.add('Accounts_AvatarBlockUnauthenticatedAccess', false, {
await this.add('Accounts_AvatarBlockUnauthenticatedAccess', true, {
type: 'boolean',
public: true,
});
Expand Down

0 comments on commit 9048692

Please sign in to comment.