Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

The imageUploadRemoteUrls should default to false #2323

Closed
dswitzer opened this issue Nov 7, 2017 · 3 comments
Closed

The imageUploadRemoteUrls should default to false #2323

dswitzer opened this issue Nov 7, 2017 · 3 comments

Comments

@dswitzer
Copy link

dswitzer commented Nov 7, 2017

Since the imageUploadRemoteUrls can send images to Froala servers, I suggest the default behavior of the imageUploadRemoteUrls option should be false.

Unless a person reads the documentation carefully, I think it's easy to miss that images may get proxied to https://cors-anywhere.froala.com which can lead to security concerns.

If the imageUploadRemoteUrls was defaulted to false, then this does not happen.

Users can always enable this option if they need the functionality.

@stefanneculai
Copy link
Contributor

@dswitzer most of the users want to have images which are inserted via an URL to be uploaded to their own server. imageUploadRemoveUrls option is being used only for helping the upload of images inserted via an URL and images inserted this way are public on the Internet anyway because if they wouldn't be public you couldn't access them. Images which go on https://cors-anywhere.froala.com are being deleted in a matter of minutes as they are the CORS service is using a Heroku Server just as described on https://github.com/Rob--W/cors-anywhere.

@dswitzer
Copy link
Author

dswitzer commented Nov 7, 2017

IMO, the security aspect of this is super critical. I think most users would be surprised that images being pasted are being passed through your servers. And well you may be deleting them, what if that changes? What if there's a bug and the files are being wiped?

I think it's great you're offering the service, but it should be something users opt-in to, not something that just happens. At a bare minimum, I think it has to be extremely clear that this is going to happen. I think most users upgrading from 2.7.0 to 2.7.1 would be surprised to find images might be getting sent to your servers.

@stefanneculai
Copy link
Contributor

stefanneculai commented Nov 8, 2017

Thanks for the feedback, @dswitzer. I just checked the code of the cors-anywhere lib and it actually doesn't download the image, but just makes a proxy for the CORS, so that the image can be accessed via JS. For now, we'll keep it like this and change that if there is another feedback in a different direction.

froala-bot added a commit that referenced this issue Dec 6, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants