From 0b42cce8b9875bb76fda1e1d992d9bf3bb5a2bcb Mon Sep 17 00:00:00 2001
From: Jordan Frankfurt
Date: Wed, 9 Oct 2024 12:52:25 -0500
Subject: [PATCH] require response content-type be an image (#1052)
---
 apps/web/app/frames/img-proxy/route.ts | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/apps/web/app/frames/img-proxy/route.ts b/apps/web/app/frames/img-proxy/route.ts
index e7e1d47ea4..bc5890dd62 100644
--- a/apps/web/app/frames/img-proxy/route.ts
+++ b/apps/web/app/frames/img-proxy/route.ts
@@ -14,6 +14,11 @@ export async function GET(request: NextRequest) {
 throw new Error(`Failed to fetch image: ${response.statusText}`);
 }
 const contentType = response.headers.get('content-type');
+
+ if (!contentType || !contentType.startsWith('image') || contentType.includes('svg')) {
+ return NextResponse.json({ error: 'Unsupported content type' }, { status: 400 });
+ }
+
 const imageBuffer = await response.arrayBuffer();
 return new NextResponse(imageBuffer, {
 status: 200,
@@ -23,7 +28,6 @@ export async function GET(request: NextRequest) {
 },
 });
 } catch (error) {
- console.error('Error fetching image:', error);
 return NextResponse.json({ error: 'Failed to fetch image' }, { status: 500 });
 }
 }
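Review bot: The added content-type guard in the first hunk compares the raw upstream header case-sensitively, so a value such as `image/SVG+xml` gets past `contentType.includes('svg')` even though browsers treat media types case-insensitively; the prefix test `startsWith('image')` also omits the `/`. Normalise before checking, e.g. `const mediaType = contentType?.split(';')[0]?.trim().toLowerCase();`, and prefer an allowlist of the raster types the frames actually need over an `svg` denylist: `if (!mediaType || !ALLOWED_IMAGE_TYPES.has(mediaType))`, where `ALLOWED_IMAGE_TYPES` is a constant to be defined in this file. The response headers sit between the two hunks and are not visible here; if the upstream `contentType` is echoed back to the client, it would be safer to send the normalised value together with `X-Content-Type-Options: nosniff`. The body of `GET` starts and ends outside this hunk.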