https://bugzilla.wikimedia.org/show_bug.cgi?id=40341
Sam Reed (reedy) <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|normal |enhancement --- Comment #8 from Sam Reed (reedy) <[email protected]> --- (In reply to comment #7) > Sorry for the delay in reviewing this. > > In general, I'm not a fan of our servers making http calls to arbitrary > urls-- > a hostile user could start messing with our backend servers directly, or run > attacks against other servers from our cluster, etc. > > Would it be possible to add a config of allowed methods, which gets checked, > and we allow users to upload, but not url import? Effectively what we're currently doing for HTTP sideloading from flickr -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
