Swell
Is it safe to open input permissions to the /:files endpoint for the front-end API?
#263
-
|
We want users of our webshop to be able to upload files when placing an order. To achieve this, we've opened input permissions to the PUT /:clients/:self/keys/<ID>{
"permissions": {
":files": {
"input": {
"fields": [
"content_type",
"data.$binary",
"data.$type",
"filename"
]
}
}
}
}This solutions works, files can now be uploaded with the front-end api with the set token. However, we are concerned whether this practice is considered unsafe. Does Swell have any rate limit or size limit in place for uploading files from the front-end API to ensure safe file uploads? Thanks in advance :) |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 2 replies
-
|
There is a size limit of 10MB per file currently. We’re planning to add data storage as a pricing dimension, but there should be a way to archive data to reduce cost as well |
Beta Was this translation helpful? Give feedback.
-
|
Aah that's sounds good, is there also any type of validation on the mime type of the uploaded files? |
Beta Was this translation helpful? Give feedback.
-
|
No explicit validation, but setting |
Beta Was this translation helpful? Give feedback.
There is a size limit of 10MB per file currently. We’re planning to add data storage as a pricing dimension, but there should be a way to archive data to reduce cost as well