Skip to content
This repository has been archived by the owner on Sep 19, 2023. It is now read-only.

Commit

Permalink
Add warning about MIME type sniffing and security (#62)
Browse files Browse the repository at this point in the history 
Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>
  • Loading branch information
@reivilibre @clokep
reivilibre and clokep authored Dec 21, 2021
1 parent 3c9c18c commit c449177
Showing 1 changed file with 10 additions and 1 deletion.
11 changes: 10 additions & 1 deletion config/default.config.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -66,7 +66,16 @@ middleware:
# requests.
picklePath: 'av_pickled_decryption.key'

# Optional. A list of accepted mime type.
# Optional. A list of accepted MIME types.
#
# WARNING! This cannot be relied on for security:
#
# it is possible to specially craft a file that looks like a different kind of file.
# As one example, it is possible for a file to be both a PNG file and a
# ZIP file yet will be detected as `image/png`.
# Further, it should be generally assumed that most file formats have a way to
# encode and attach extraneous data.
#
#acceptedMimeType:
# - 'image/jpeg'
# - 'image/jpg'
Expand Down

0 comments on commit c449177

Please sign in to comment.