This repository has been archived by the owner on Aug 1, 2023. It is now read-only.

Query Param Allowlist #10

Open
peterjan opened this issue Feb 19, 2021 · 0 comments
@peterjan

We currently do not perform any checks on what type of query string parameters are being proxied to siad.
We should have an allowlist of keys we decide are ok to get proxied to siad.
Everything else should get stripped.

Allowed keys:

"defaultpath"
"disabledefaultpath"
"dryrun"
"filename"
"mode"
"monetization"
"skykeyid"
"skykeyname"
"attachment"
"format"
"no-response-metadata"
"include-layout"
"timeout"
"siapath"
"root"
"force" (this should be controlled using the header `Skynet-Disable-Force`)
"convertpath"
@kwypchlo kwypchlo transferred this issue from SkynetLabs/skynet-webportal Jun 2, 2022
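
One way to implement the stripping described in the issue, as an added example that is not code from the issue or the project. The function name `FilterQuery`, exact case-sensitive key matching, and the reading that `Skynet-Disable-Force: true` causes `force` to be stripped are assumptions. The query is rebuilt from parsed values, so malformed pairs and percent-encoded variants of a key never reach the upstream verbatim.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
	"sort"
)

// allowed holds the keys listed in the issue. Matching is exact and
// case-sensitive (assumption; the issue does not say).
var allowed = map[string]bool{
	"defaultpath": true, "disabledefaultpath": true, "dryrun": true,
	"filename": true, "mode": true, "monetization": true,
	"skykeyid": true, "skykeyname": true, "attachment": true,
	"format": true, "no-response-metadata": true, "include-layout": true,
	"timeout": true, "siapath": true, "root": true, "force": true,
	"convertpath": true,
}

// FilterQuery rebuilds a raw query string from allowlisted keys only and
// returns it with the sorted names of the keys it stripped.
func FilterQuery(raw string, h http.Header) (string, []string) {
	// Pairs that fail to decode are absent from in, so they are never
	// forwarded; the error itself carries nothing else we need.
	in, _ := url.ParseQuery(raw)
	out := url.Values{}
	var stripped []string
	// Assumption: Skynet-Disable-Force: true means "force" is not honoured.
	noForce := h.Get("Skynet-Disable-Force") == "true"
	for k, vs := range in {
		if !allowed[k] || (k == "force" && noForce) {
			stripped = append(stripped, k)
			continue
		}
		out[k] = vs
	}
	sort.Strings(stripped)
	return out.Encode(), stripped
}

func main() {
	// Constructed request: one unknown key, one wrong-case key.
	q, dropped := FilterQuery("filename=a.txt&evil=1&Filename=x&force=true", http.Header{})
	fmt.Println(q, dropped)
}
```

Returning the stripped key names lets the proxy log them, which helps spot clients that rely on parameters outside the list before the filter is enforced.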