fix: Ignores disableThirdPartyRequests when using data url.

Fixes #15725.
2025-12-30 03:12:29 +00:00 · 2025-03-07 17:04:42 -06:00
parent bd7b2c6e7a
commit 29663bcec2
2 changed files with 31 additions and 7 deletions
--- a/react/features/base/participants/middleware.ts
+++ b/react/features/base/participants/middleware.ts
@@ -30,6 +30,7 @@ import { MEDIA_TYPE } from '../media/constants';
 import MiddlewareRegistry from '../redux/MiddlewareRegistry';
 import StateListenerRegistry from '../redux/StateListenerRegistry';
 import { playSound, registerSound, unregisterSound } from '../sounds/actions';
+import { isImageDataURL } from '../util/uri';

 import {
    DOMINANT_SPEAKER_CHANGED,
@@ -689,15 +690,20 @@ function _participantJoinedOrUpdated(store: IStore, next: Function, action: AnyA
    // even if disableThirdPartyRequests is set to true in config
    if (getState()['features/base/config']?.hosts) {
        const { disableThirdPartyRequests } = getState()['features/base/config'];
+        const participantId = !id && local ? getLocalParticipant(getState())?.id : id;

-        if (!disableThirdPartyRequests && (avatarURL || email || id || name)) {
-            const participantId = !id && local ? getLocalParticipant(getState())?.id : id;
-            const updatedParticipant = getParticipantById(getState(), participantId);
+        if (avatarURL || email || id || name) {
+            if (!disableThirdPartyRequests) {
+                const updatedParticipant = getParticipantById(getState(), participantId);

-            getFirstLoadableAvatarUrl(updatedParticipant ?? { id: '' }, store)
-                .then((urlData?: { isUsingCORS: boolean; src: string; }) => {
-                    dispatch(setLoadableAvatarUrl(participantId, urlData?.src ?? '', Boolean(urlData?.isUsingCORS)));
-                });
+                getFirstLoadableAvatarUrl(updatedParticipant ?? { id: '' }, store)
+                    .then((urlData?: { isUsingCORS: boolean; src: string; }) => {
+                        dispatch(setLoadableAvatarUrl(
+                            participantId, urlData?.src ?? '', Boolean(urlData?.isUsingCORS)));
+                    });
+            } else if (isImageDataURL(avatarURL)) {
+                dispatch(setLoadableAvatarUrl(participantId, avatarURL, false));
+            }
        }
    }

--- a/react/features/base/util/uri.ts
+++ b/react/features/base/util/uri.ts
@@ -39,6 +39,14 @@ const _URI_AUTHORITY_PATTERN = '(//[^/?#]+)';
 */
 const _URI_PATH_PATTERN = '([^?#]*)';

+/**
+ * The {@link RegExp} pattern of the image data scheme.
+ *
+ * @private
+ * @type {RegExp}
+ */
+const IMG_DATA_URL: RegExp = /^data:image\/[a-z0-9\-.+]+;base64,/i;
+
 /**
 * The {@link RegExp} pattern of the protocol of a URI.
 *
@@ -690,3 +698,13 @@ export function sanitizeUrl(url?: string | URL): URL | null {

    return new URL(result);
 }
+
+/**
+ * Check whether the given url is a valid image data url.
+ *
+ * @param {string} url - The url to check.
+ * @returns {boolean} True if the url is a valid image data url, false otherwise.
+ */
+export function isImageDataURL(url: string): boolean {
+    return IMG_DATA_URL.test(url);
+}