feat: Add Parse.File.url validation with config fileUpload.allowedFileUrlDomains against SSRF attacks (#10044)

2026-02-07 17:03:39 +00:00
parent 9e07ca6d3b
commit 4c9c9489f0
16 changed files with 619 additions and 2 deletions
--- a/types/Options/index.d.ts
+++ b/types/Options/index.d.ts
@@ -236,6 +236,7 @@ export interface PasswordPolicyOptions {
    resetPasswordSuccessOnInvalidEmail?: boolean;
 }
 export interface FileUploadOptions {
+    allowedFileUrlDomains?: string[];
    fileExtensions?: (string[]);
    enableForAnonymousUser?: boolean;
    enableForAuthenticatedUser?: boolean;