aboutsummaryrefslogtreecommitdiff
path: root/src/client
diff options
context:
space:
mode:
Diffstat (limited to 'src/client')
-rw-r--r--src/client/QXmppHttpUploadManager.cpp8
1 files changed, 8 insertions, 0 deletions
diff --git a/src/client/QXmppHttpUploadManager.cpp b/src/client/QXmppHttpUploadManager.cpp
index 5723246d..728956e5 100644
--- a/src/client/QXmppHttpUploadManager.cpp
+++ b/src/client/QXmppHttpUploadManager.cpp
@@ -316,6 +316,14 @@ std::shared_ptr<QXmppHttpUpload> QXmppHttpUploadManager::uploadFile(QIODevice *d
upload->d->reportFinished();
} else {
auto slot = std::get<QXmppHttpUploadSlotIq>(std::move(result));
+
+ if (slot.getUrl().scheme() != "https" || slot.putUrl().scheme() != "https") {
+ auto message = QStringLiteral("The server replied with an insecure non-https url. This is forbidden by XEP-0363.");
+ upload->d->reportError(QXmppError { std::move(message), {} });
+ upload->d->reportFinished();
+ return;
+ }
+
upload->d->getUrl = slot.getUrl();
QNetworkRequest request(slot.putUrl());
generated by cgit v1.2.3 (git 2.39.1) at 2026-06-09 11:38:47 +0000