Allow restricted operator usage #45

Open
pi0 opened this issue Sep 8, 2021 · 3 comments
Comments

pi0 commented Sep 8, 2021

Specifically on resizing (numeric) operators to avoid abusing server (related to #44)

@pi0 changed the title from "Allow limiting possible operations" to "Allow restricted operator usage" on Jun 20, 2022

@ausir0726

This feature is quite critical. Through testing, we found that users can create approximately 500MB images by using "w50000 + enlarge." This directly leads to the website crashing (nuxt-img middleware). If possible, this should be prioritized as a high-priority issue.

Alternatively, it would be preferable to prioritize enforcing the ability to enable or disable various modification parameters via environment variables, for example, enlarge: false, to prevent abuse.

@ausir0726

Through testing, it has been observed that Cloudinary's image enlargement is limited to approximately 8100px. By forcefully setting q_100, it is possible to obtain a 3.1 MB image. Apart from forcibly disabling enlarge, it might also be beneficial to enforce a maximum width and height, along with a relationship with quality settings, to prevent potential attacks on the server.

Of course, the most fundamental solution should involve the implementation of access keys.

https://res.cloudinary.com/nuxt/image/upload/q_100,w_8100/vue-telemetry/32abc3212c97fd44ff24acaa6edc4573.jpg

ausir0726 commented Jul 25, 2023

@pi0

Through api.nuxt.org, it is also possible to access extremely large files. Testing has shown that files exceeding 11000px seem to cause the server to become unresponsive. For example, a simple PNG image with dimensions of 11000px can result in a download size of 2.2MB. More complex images could potentially lead to a complete crash of the serverless service.

If you have received this notification, please delete this post or modify its content to remove any potentially harmful material. Thank you.

https://api.nuxtjs.org/api/ipx/enlarge,w_11000,f_png/gh/nuxt/modules/main/icons/pinia.svg

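A defender-side check for the abuse described in these comments, as an added example that is not IPX's or nuxt/image's own code: it parses an IPX-style modifier segment such as `enlarge,w_11000,f_png` and rejects it against a policy (enlarge off, maximum width and height, operator allow-list) before any image processing starts. The policy field names and the `IPX_ALLOW_ENLARGE`, `IPX_MAX_WIDTH` and `IPX_MAX_HEIGHT` environment variable names are assumptions for this example, not real IPX options.

```javascript
// Added example, not IPX's own code. Validates an IPX-style modifier segment
// ("enlarge,w_11000,f_png") against a policy so oversized or disallowed
// operations are refused before any image work is done.

// Hypothetical policy shape (not an IPX option set).
const DEFAULT_POLICY = {
  allowEnlarge: false,
  maxWidth: 4096,
  maxHeight: 4096,
  allowedOperators: new Set(["w", "h", "s", "f", "q", "fit", "enlarge"]),
};

// Overrides from environment variables; the variable names are hypothetical.
function policyFromEnv(env = process.env, base = DEFAULT_POLICY) {
  return {
    ...base,
    allowEnlarge: env.IPX_ALLOW_ENLARGE === "true" ? true : base.allowEnlarge,
    maxWidth: Number(env.IPX_MAX_WIDTH) || base.maxWidth,
    maxHeight: Number(env.IPX_MAX_HEIGHT) || base.maxHeight,
  };
}

// "enlarge,w_11000,f_png" -> [["enlarge","true"], ["w","11000"], ["f","png"]]
function parseModifiers(segment) {
  return segment.split(",").filter(Boolean).map((part) => {
    const i = part.indexOf("_");
    return i === -1 ? [part, "true"] : [part.slice(0, i), part.slice(i + 1)];
  });
}

// A dimension must be a positive integer no larger than the policy limit.
function dimensionOk(value, max) {
  const n = Number(value);
  return Number.isInteger(n) && n > 0 && n <= max;
}

// Returns { ok, reasons }; respond with HTTP 400 (not an image) when !ok.
function checkModifiers(segment, policy = DEFAULT_POLICY) {
  const reasons = [];
  for (const [op, value] of parseModifiers(segment)) {
    if (!policy.allowedOperators.has(op)) reasons.push(`operator not allowed: ${op}`);
    else if (op === "enlarge" && !policy.allowEnlarge) reasons.push("enlarge is disabled");
    else if (op === "w" && !dimensionOk(value, policy.maxWidth)) reasons.push(`width ${value} over ${policy.maxWidth}`);
    else if (op === "h" && !dimensionOk(value, policy.maxHeight)) reasons.push(`height ${value} over ${policy.maxHeight}`);
    else if (op === "s") {
      const [w, h] = value.split("x");
      if (!dimensionOk(w, policy.maxWidth) || !dimensionOk(h, policy.maxHeight)) reasons.push(`size ${value} over limit`);
    }
  }
  return { ok: reasons.length === 0, reasons };
}
```

With the default policy the segment from the last comment is refused for two reasons (enlarge disabled, width 11000 over 4096), while an ordinary request such as `w_800,f_webp,q_80` passes.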