fix(recraft): F4 url re-host on upscale/vectorize + broaden svg sniff (review M1/L7)#117
Merged
Merged
Conversation
…aden svg sniff (review M1/L7) M1: the F4 anti-CDN-leak fallback (re-fetch a url-only Recraft result through the SSRF guard so the transient ~24h CDN url never reaches the client) was only on the generate path. requestImageTransform (upscale/vectorize) requested b64_json but had no fallback, so a style/endpoint that ignored response_format and returned a hosted url leaked it — defeating the signed-capability-URL contract for two of the four image tools. Factored the fallback into a shared rehostIfUrlOnly() and applied it to both paths; the transform passes its b64MimeType (png for upscale, image/svg+xml for vectorize) as the sniff fallback so a re-fetched SVG stays correctly stamped. L7: looksLikeSvg only matched a leading <?xml/<svg, so an SVG that opens with a comment or DOCTYPE before the root was mis-sniffed as image/png on the generate-path b64 case. It now scans a 512-byte prefix for an <svg tag anywhere, recognizing comment/DOCTYPE/xml-decl preambles. Tests: upscale + vectorize re-fetch a url-only result (no CDN url leaks, svg mime preserved); a comment/DOCTYPE-led SVG sniffs as image/svg+xml. Suite 692 -> 695. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Signed-off-by: Jim Vinson <jim@vinson.org>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Batch C1 of the review fixes — completes the F4 anti-CDN-leak contract.
M1 (Medium, 3/3) — transform-path url-only fallback
The F4 fallback (re-fetch a url-only Recraft result through the SSRF guard so the transient ~24h CDN url never reaches the client) was only on the generate path.
requestImageTransform(upscale/vectorize) requestedb64_jsonbut had no fallback, so a style/endpoint that ignoredresponse_formatand returned a hosted url leaked it — defeating the signed-capability-URL contract for 2 of the 4 image tools. Factored into a sharedrehostIfUrlOnly()applied to both paths; the transform passes itsb64MimeType(png for upscale,image/svg+xmlfor vectorize) as the sniff fallback so a re-fetched SVG stays correctly stamped.L7 (Low, 2/3) — svg sniff misses comment/DOCTYPE preamble
looksLikeSvgonly matched a leading<?xml/<svg, so an SVG opening with a comment or DOCTYPE was mis-sniffed asimage/pngon the generate-path b64 case. Now scans a 512-byte prefix for an<svgtag anywhere.Tests
upscale + vectorize re-fetch a url-only result (no CDN url leaks, svg mime preserved); a comment/DOCTYPE-led SVG sniffs as
image/svg+xml. Suite 692 → 695. Typecheck + lint clean.🤖 Generated with Claude Code