Feature Request: Allow importing files from remote URLs #353
Labels
Comments
|
This opens a whole can of worms securitywise, which I'm not sure we can tackle properly (biggest issue being CSRF). Maybe a first step would be adding an allowlist of domains as a config option, so operators of transcribee instances can allow the ones they need. For example, we probably want to allow |
|
Why does this create CSRF issues? We could download the URL via the server and there is no need to authenticate the request IMO. |
|
Ah sorry, typo: SSRF |
|
I see... requesting internal locations would be bad... Is it feasible to block internal requests and request external locations without authentication? Is a TLD allowlist a sane option? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Instead of uploading a file, it would be great if I could give a URL to download the file from.
The text was updated successfully, but these errors were encountered: