Backend saves image from URL to local filesystem #25
aniram/cidadon#25
Something to be aware of is that this feature has been implemented in a way that, if the API gets compromised, the backend might be compromised too, since the images the API returns are being saved to the server's filesystem. Maybe I should put the images in an isolated folder or volume with limited access.
Originally posted by @aniram in #16 (comment)
Concerns:
i) The backend makes a request based on the URL from the img tag. Injection possible?
ii) The request goes to the external API and, as part of the cache strategy, the response body is saved on the local filesystem. I hope it's an image, but it could be anything. It could also be enormous and take all of the free space. Maybe I should set constraints for the file size. I should also isolate the avatar's folder from the rest of the backend.
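
One way to apply the constraints raised in concerns i) and ii), added here as an example and not taken from the project's code. Python, the allowlisted host `avatars.example.org`, the 2 MiB cap and the function names are assumptions; the issue does not say how the backend is written.

```python
import hashlib
import os
import tempfile
from urllib.parse import urlsplit

MAX_BYTES = 2 * 1024 * 1024              # assumed cap, tune to expected avatars
ALLOWED_HOSTS = {"avatars.example.org"}  # hypothetical host of the external API
MAGIC = {b"\x89PNG\r\n\x1a\n": ".png", b"\xff\xd8\xff": ".jpg",
         b"GIF87a": ".gif", b"GIF89a": ".gif"}


def check_url(url):
    """Concern i): only fetch https URLs on an allowlisted host."""
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.username or parts.password:
        raise ValueError("unsupported URL")
    if parts.hostname not in ALLOWED_HOSTS:
        raise ValueError("host not allowlisted")
    return url


def store_avatar(chunks, dest_dir, max_bytes=MAX_BYTES):
    """Concern ii): stream the body into dest_dir with a hard size limit."""
    digest, total, head = hashlib.sha256(), 0, b""
    fd, tmp = tempfile.mkstemp(dir=dest_dir)  # private temp file inside dest_dir
    try:
        with os.fdopen(fd, "wb") as out:
            for chunk in chunks:
                total += len(chunk)
                if total > max_bytes:
                    raise ValueError("response body exceeds size limit")
                head += chunk[:8 - len(head)]  # keep only the first 8 bytes
                digest.update(chunk)
                out.write(chunk)
        # Type comes from the leading bytes; the name comes from the content hash.
        ext = next((e for m, e in MAGIC.items() if head.startswith(m)), None)
        if ext is None:
            raise ValueError("response body is not a supported image")
        final = os.path.join(dest_dir, digest.hexdigest() + ext)
        os.replace(tmp, final)
        return final
    except BaseException:
        os.unlink(tmp)  # never leave a rejected or partial body on disk
        raise


if __name__ == "__main__":
    sample = [b"\x89PNG\r\n\x1a\n", b"\x00" * 64]  # constructed, not a real image
    print(store_avatar(sample, tempfile.mkdtemp()))
```

`chunks` stands for the streamed response body, and `dest_dir` should be the isolated avatar folder or volume, not a path shared with the rest of the backend.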