-
Notifications
You must be signed in to change notification settings - Fork 154
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(assets): file upload extension validation #391
feat(assets): file upload extension validation #391
Conversation
Why do we need to valid the extension of uploads? |
@antfu to be more safe, for example when accessing from a public network, we make sure that nothing harmful(e.g. an .exe file) can't be uploaded unless the user wants to. |
In that case, I think we should make it in the module options (nuxt.config.ts) that are not updatable from the client, and do the verification on the server side |
@antfu sure! that cross my mind too. thanks |
Could you help resolve the conflicts? Thanks! |
Sure! I'll try to do it today. thanks |
506c36f
to
e43e930
Compare
this PR adds:
but there is no token validation for adding extension(so there is still a security issue), is it a good idea to add a
token?
param toupdateOptions
RPC ?assets-ext-val.mp4