mirror of
https://github.com/BookStackApp/BookStack.git
synced 2026-07-16 05:33:49 +03:00
Added untrusted server fetching control
WKHTMLtoPDF provides limited control for external fetching so that will now be disabled by default unless ALLOW_UNTRUSTED_SERVER_FETCHING=true is specifically set. This new option will also control DOMPDF fetching.
This commit is contained in:
@@ -36,6 +36,11 @@ return [
|
||||
// Even when overridden the WYSIWYG editor may still escape script content.
|
||||
'allow_content_scripts' => env('ALLOW_CONTENT_SCRIPTS', false),
|
||||
|
||||
# Allow server-side fetches to be performed to potentially unknown
|
||||
# and user-provided locations. Primarily used in exports when loading
|
||||
# in externally referenced assets.
|
||||
'allow_untrusted_server_fetching' => env('ALLOW_UNTRUSTED_SERVER_FETCHING', false),
|
||||
|
||||
// Override the default behaviour for allowing crawlers to crawl the instance.
|
||||
// May be ignored if view has be overridden or modified.
|
||||
// Defaults to null since, if not set, 'app-public' status used instead.
|
||||
|
||||
Reference in New Issue
Block a user