Merge pull request #2629 from BrianHawley/fixes_2625

Support ssrf_filter 1.1
carrierwaveuploader · Nov 19, 2022 · 674d757 · 674d757
1 parent 32abf5b
commit 674d757
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 2 deletions.
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -63,6 +63,8 @@ jobs:
           ${{ runner.os }}-gems-${{ matrix.ruby }}-
     - name: Setup ImageMagick policy
       run: sudo sh -c 'echo '\''<policymap><policy domain="coder" rights="read|write" pattern="PDF" /></policymap>'\'' > /etc/ImageMagick-6/policy.xml'
+    - name: Update package list
+      run: sudo apt update
     - name: Install ghostscript to process PDF
       run: sudo apt-get -y install ghostscript
     - name: Install libvips-dev for Carrierwave::Vips

diff --git a/Gemfile b/Gemfile
@@ -1,5 +1,7 @@
 source "https://rubygems.org"
 
 gem "activemodel-serializers-xml"
+# See https://github.com/fog/fog-google/issues/535 for this restriction.
+gem "fog-google", "~> 1.13.0" if RUBY_VERSION.to_f < 2.6
 
 gemspec
diff --git a/lib/carrierwave/downloader/base.rb b/lib/carrierwave/downloader/base.rb
@@ -29,8 +29,12 @@ def download(url, remote_headers = {})
             response = OpenURI.open_uri(process_uri(url.to_s), headers)
           else
             request = nil
-            response = SsrfFilter.get(uri, headers: headers) do |req|
-              request = req
+            if ::SsrfFilter::VERSION.to_f < 1.1
+              response = SsrfFilter.get(uri, headers: headers) do |req|
+                request = req
+              end
+            else
+              response = SsrfFilter.get(uri, headers: headers, request_proc: ->(req) { request = req })
             end
             response.uri = request.uri
             response.value