Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CORS proxy: Consider constraining supporting Content-Types to reduce opportunities for abuse #1977

Open
brandonpayton opened this issue Nov 1, 2024 · 0 comments
Open

CORS proxy: Consider constraining supporting Content-Types to reduce opportunities for abuse #1977

brandonpayton opened this issue Nov 1, 2024 · 0 comments
Labels
[Package][@wp-playground] CORS Proxy [Type] Enhancement New feature or request

Comments

@brandonpayton
Copy link
Member

Perhaps constraining what response Content-Types the proxy allows will reduce the opportunities for abuse.

We could even adjust constraints based on URL. For example, maybe we don't always want to allow application/octet-stream but can allow it for URLs whose paths end with .zip, but maybe we could always allow "application/rss+xml" or "application/atom+xml".
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
[Package][@wp-playground] CORS Proxy [Type] Enhancement New feature or request
Projects
Playground Board
Status: Up next
Milestone
No milestone
Development

No branches or pull requests
1 participant
@brandonpayton