-
Notifications
You must be signed in to change notification settings - Fork 176
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Thumbnailer allows generating thumbnails for images shared as secure view only #9249
Comments
secureview should not generate a thumbnail. |
Not only images but as well txt files, which makes it even more critical |
@AlexAndBear with PR #9299 txt-files got accidentally fixed aswell 😆 |
@tbsbdr after a discussion with @dragonchaser I propose that we add a small info into the thumbnail readme that thumbnails will return a 403 (forbidden) for a thumbnail request that belongs to a secure view shared object when the share reciever accessses the data. we already have such info for 404 (unavailable) and too many requests (429). this readme change should directly go into the corresponding (and currently open) PR, see: #9299. pls advice. |
@AlexAndBear I was not aware of that, but that change would be needed anyway. Otherwise someone could craft a thumbnail link for a certain file and read the contents (as you said security...) |
Yeah, just wanted to update all people here in the ticket, so no one is under the impression web is still requesting endpoints, that should not be requested ;) |
When an image is shared in view only mode it should not be possible to fetch a thumbnail for it. Or not without a watermark.
The text was updated successfully, but these errors were encountered: