Thanks for your excellent work. I think I'm going to use this in my project.
I may be wrong but I think exposing the width/height parameters as a path/qs param is a security risk. One could for instance write a simple script which causes a DoS by letting it resize an asset in many many width/height formats.
You may be aware of this, but someone else may not be. So I wouldn't encourage usages like that in the sample app.
Just a simple thought.
Cheers,
Kamil
That's a valid point.
A solution would be to add all the resolutions that are allowed to the configuration section.
Feel free to submit a pull request, if you feel up to it :)
You may add a simple route with predefined resolutions:

```
GET /res/profile/:file se.digiplant.scalr.ScalrResAssets.at(file, width: Int = 200, height: Int = 200, source: String = "profile")
```
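One way to implement the configured list of allowed resolutions suggested in this thread, as an added example that is not part of the thread or of the plugin's own code. The names `ResolutionAllowlist`, `parse`, `check` and the `MaxEdge` limit are assumptions; only the Scala standard library is used, and the sample entries and requests are constructed.

```scala
// Added example: allowlist of resize dimensions. All names are hypothetical
// and not part of the plugin discussed in this thread.
object ResolutionAllowlist {
  final case class Resolution(width: Int, height: Int)

  // Assumed upper bound, applied even to configured entries, so a typo in
  // the configuration cannot permit a huge, memory-hungry resize.
  val MaxEdge = 2048
  private val Pattern = """(\d{1,5})x(\d{1,5})""".r
  private def inRange(n: Int): Boolean = n > 0 && n <= MaxEdge

  /** Parse entries such as "200x200"; any malformed or oversized entry fails the whole load. */
  def parse(entries: Seq[String]): Either[String, Set[Resolution]] = {
    val parsed = entries.map(_.trim).map {
      case Pattern(w, h) if inRange(w.toInt) && inRange(h.toInt) =>
        Right(Resolution(w.toInt, h.toInt))
      case other => Left(s"invalid resolution entry: '$other'")
    }
    parsed.collectFirst { case Left(err) => err } match {
      case Some(err) => Left(err)
      case None      => Right(parsed.collect { case Right(r) => r }.toSet)
    }
  }

  /** Some(resolution) only for an exact allowlisted pair. The caller answers
    * None with 404/400 before any image is decoded, resized or cached. */
  def check(allowed: Set[Resolution], width: Int, height: Int): Option[Resolution] =
    Some(Resolution(width, height)).filter(allowed.contains)
}

object Demo {
  def main(args: Array[String]): Unit = {
    // Constructed sample configuration values.
    val allowed = ResolutionAllowlist.parse(Seq("200x200", "64x64", "800x600")) match {
      case Right(set) => set
      case Left(err)  => sys.error(err)
    }
    // Constructed sample requests: (width, height).
    Seq((200, 200), (201, 200), (9999, 9999), (-1, 64)).foreach { case (w, h) =>
      val verdict = ResolutionAllowlist.check(allowed, w, h).fold("reject")(_ => "resize")
      println(s"${w}x$h -> $verdict")
    }
  }
}
```

Because only exact configured pairs pass, the number of resized variants that can be generated per asset is bounded by the size of the list.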