fix: Use an allowlist for the crop endpoint #1366

Merged on Jul 18, 2024 (5 commits)

@VaiTon (Member) commented Jul 16, 2024

What

  • Use an allowlist to limit the domains on which the crop operation is allowed.
  • It is a bad security practice to allow any URL there.

@VaiTon VaiTon requested a review from a team as a code owner July 16, 2024 23:38
@teolemon teolemon changed the title Use an allowlist for the crop endpoint fix: Use an allowlist for the crop endpoint Jul 17, 2024
@raphael0202 (Collaborator)

Thank you for your PR!
I just added a suggestion to allow more domains (especially our S3 backup).

@raphael0202 raphael0202 merged commit c0bffb0 into openfoodfacts:main Jul 18, 2024
5 checks passed
@VaiTon VaiTon deleted the crop_allowlist branch July 19, 2024 12:07
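
An added example, not the code merged in this PR: one way to check a crop source URL against a host allowlist before the server fetches it. The host names and the function name `is_allowed_image_url` are constructed for illustration; the project's actual allowlist does not appear on this page.

```python
from urllib.parse import urlsplit

# Constructed placeholder hosts (assumption); not the project's real allowlist.
ALLOWED_HOSTS = frozenset({"images.example.org", "backup-bucket.s3.example.com"})
ALLOWED_SCHEMES = frozenset({"https"})


def is_allowed_image_url(url: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Return True only when the URL's host is exactly an allowlisted host."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # parsed host: lowercased, without userinfo or port
        port = parts.port      # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme not in ALLOWED_SCHEMES or host is None:
        return False
    # Reject credentials in the authority part: they make the visible
    # prefix of the URL differ from the host that is actually contacted.
    if parts.username is not None or parts.password is not None:
        return False
    if port not in (None, 443):
        return False
    # Exact match on the parsed host; substring, prefix or suffix tests on
    # the raw URL string would accept look-alike hosts.
    return host.rstrip(".") in allowed_hosts


# Constructed sample inputs with the expected decision for each.
SAMPLES = {
    "https://images.example.org/products/1.jpg": True,
    "https://IMAGES.example.org/products/1.jpg": True,
    "https://backup-bucket.s3.example.com/data/1.jpg": True,
    "http://images.example.org/products/1.jpg": False,       # wrong scheme
    "https://images.example.org.other.test/1.jpg": False,    # look-alike host
    "https://images.example.org@other.test/1.jpg": False,    # userinfo in URL
    "https://other.test/?u=https://images.example.org": False,
    "https://images.example.org:8443/1.jpg": False,          # unexpected port
}

if __name__ == "__main__":
    for url, expected in SAMPLES.items():
        print(f"{is_allowed_image_url(url)!s:5} (expected {expected}) {url}")
```

The check covers only the submitted URL; a fetcher that follows redirects needs the same check applied to each redirect target.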