https://bugzilla.wikimedia.org/show_bug.cgi?id=40341
--- Comment #7 from Chris Steipp ---

Sorry for the delay in reviewing this.

In general, I'm not a fan of our servers making HTTP calls to arbitrary URLs -- a hostile user could start messing with our backend servers directly, or run attacks against other servers from our cluster, etc.

Would it be possible to add a config of allowed methods, which gets checked, and we allow users to upload, but not URL import?
