♻️(backend) stop returning a 415 on cors-proxy endpoint

When the content-type return by the targeted url is not an image, the endpoint was returning a 415 status code. We don't want to provide this info anymore avoid disclosing information an attacker can use.
2025-12-09 17:14:39 +01:00
parent f28da7c2c2
commit 2556823a69
2 changed files with 4 additions and 2 deletions
--- a/src/backend/core/api/viewsets.py
+++ b/src/backend/core/api/viewsets.py
@@ -1810,7 +1810,8 @@ class DocumentViewSet(

            if not content_type.startswith("image/"):
                return drf.response.Response(
-                    status=status.HTTP_415_UNSUPPORTED_MEDIA_TYPE
+                    {"detail": "Invalid URL used."},
+                    status=status.HTTP_400_BAD_REQUEST
                )

            # Use StreamingHttpResponse with the response's iter_content to properly stream the data