Fix SSRF vulnerability on /file= route (#6794)

* ssrf * add changeset * awaits * checkout --------- Co-authored-by: gradio-pr-bot <gradio-pr-bot@users.noreply.github.com>
gradio-app · Dec 14, 2023 · 7ba8c5d · 7ba8c5d
1 parent dc131b6
commit 7ba8c5d
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 1 deletion.
diff --git a/.changeset/rich-dragons-clap.md b/.changeset/rich-dragons-clap.md
@@ -0,0 +1,5 @@
+---
+"gradio": minor
+---
+
+feat:Fix SSRF vulnerability on `/file=` route
diff --git a/gradio/routes.py b/gradio/routes.py
@@ -433,7 +433,7 @@ async def reverse_proxy(url_path: str):
         @app.get("/file={path_or_url:path}", dependencies=[Depends(login_check)])
         async def file(path_or_url: str, request: fastapi.Request):
             blocks = app.get_blocks()
-            if utils.validate_url(path_or_url):
+            if client_utils.is_http_url_like(path_or_url):
                 return RedirectResponse(
                     url=path_or_url, status_code=status.HTTP_302_FOUND
                 )