Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(assets): file upload extension validation #391

Merged
merged 2 commits into from
Oct 15, 2023
Merged

feat(assets): file upload extension validation #391

merged 2 commits into from
Oct 15, 2023

Conversation

arashsheyda
Copy link
Member

@arashsheyda arashsheyda commented Aug 14, 2023
edited
Loading

this PR adds:

  • file extension validation
  • filter between uploaded file extensions
  • file upload button to access dropdown

but there is no token validation for adding extension(so there is still a security issue), is it a good idea to add a token? param to updateOptions RPC ?

assets-ext-val.mp4

@antfu
Copy link
Member

antfu commented Aug 14, 2023

Why do we need to valid the extension of uploads?

@arashsheyda
Copy link
Member Author

@antfu to be more safe, for example when accessing from a public network, we make sure that nothing harmful(e.g. an .exe file) can't be uploaded unless the user wants to.

@antfu
Copy link
Member

antfu commented Aug 15, 2023
edited
Loading

In that case, I think we should make it in the module options (nuxt.config.ts) that are not updatable from the client, and do the verification on the server side

@arashsheyda
Copy link
Member Author

@antfu sure! that cross my mind too. thanks

@antfu
Copy link
Member

antfu commented Oct 14, 2023

Could you help resolve the conflicts? Thanks!

@arashsheyda
Copy link
Member Author

Could you help resolve the conflicts? Thanks!

Sure! I'll try to do it today. thanks

@arashsheyda arashsheyda force-pushed the feat/assets-extension-validation branch from 506c36f to e43e930 Compare October 15, 2023 18:38
@arashsheyda arashsheyda reopened this Oct 15, 2023
@antfu antfu merged commit df623e0 into nuxt:main Oct 15, 2023
2 checks passed
@arashsheyda arashsheyda deleted the feat/assets-extension-validation branch October 15, 2023 19:58
@arashsheyda arashsheyda mentioned this pull request Nov 8, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@arashsheyda @antfu