go/imgproxy
1
0
Fork 0
mirror of https://github.com/imgproxy/imgproxy.git synced 2025-01-23 11:14:48 +02:00
Code Releases Activity

Update docs

Browse Source
This commit is contained in:
DarthSim 2023-02-02 16:11:26 +03:00
parent 192802766e
commit ccc2d8fee3
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
docs/configuration.md
View File

@ -97,8 +97,10 @@ You can limit allowed source URLs with the following variable:
* `IMGPROXY_ALLOWED_SOURCES`: a whitelist of source image URL prefixes divided by comma. Wildcards can be included with `*` to match all characters except `/`. When blank, imgproxy allows all source image URLs. Example: `s3://,https://*.example.com/,local://`. Default: blank * `IMGPROXY_ALLOWED_SOURCES`: a whitelist of source image URL prefixes divided by comma. Wildcards can be included with `*` to match all characters except `/`. When blank, imgproxy allows all source image URLs. Example: `s3://,https://*.example.com/,local://`. Default: blank
**⚠️Warning:** Be careful when using this config to limit source URL hosts, and always add a trailing slash after the host. **⚠️Warning:** Be careful when using this config to limit source URL hosts, and always add a trailing slash after the host.
* Bad: `http://example.com`
* Good: `http://example.com/` ❌ Bad: `http://example.com`
✅ Good: `http://example.com/`
If the trailing slash is absent, `http://example.com@baddomain.com` would be a permissable URL, however, the request would be made to `baddomain.com`. If the trailing slash is absent, `http://example.com@baddomain.com` would be a permissable URL, however, the request would be made to `baddomain.com`.
* `IMGPROXY_SANITIZE_SVG`: when true, imgproxy will remove scripts from SVG images to prevent XSS attacks. Defaut: `true` * `IMGPROXY_SANITIZE_SVG`: when true, imgproxy will remove scripts from SVG images to prevent XSS attacks. Defaut: `true`