Comments (10)

waynehoover commented on August 22, 2024

Maybe the start-with field should be required... I'm thinking it should default to 'uploads'. This might break some people's implementations, but it's easy to fix and I think a needed security measure.

#56 addresses this.

from s3_direct_upload.

tspacek commented on August 22, 2024

I agree that it should be required and default to 'uploads/'.

Do you think it should also raise an exception if it's not set to the stem of the key, or blank? Perhaps that's not required as the S3 error responses are quite self-explanatory.

uberllama commented on August 22, 2024

Just came back to working on my uploader and ran into this very same concern. Thanks for getting the fix in, guys. This is a critical security issue. Can we look forward to a new release with this fix + the jQuery 1.9 fix soon?

waynehoover commented on August 22, 2024

Yes. I'll bump the version tomorrow.

uberllama commented on August 22, 2024

Sweet, thanks.

waynehoover commented on August 22, 2024

I have just released version 0.1.0 that defaults key_starts_with to 'uploads/'.

arfl commented on August 22, 2024

You default key_starts_with to 'uploads/' but you never use it. Your key method does not use this configuration option. Why?

waynehoover commented on August 22, 2024

Internally it will always be 'uploads/' until the user changes it. Then they must also change the key. Do you have a better implementation? Maybe one where they don't have to change key? Just key_starts_with?

waynehoover commented on August 22, 2024

@arfl I think I see what you are getting at. I have refactored this here: 3227bd0

arfl commented on August 22, 2024

That's what I meant... Cool
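
The design the thread converges on, with the upload key derived from the same prefix that the S3 POST policy enforces, sketched as an added example. This is not the gem's code or the referenced commit: `build_upload_fields`, `key_allowed?` and the bucket name are hypothetical, policy signing is omitted, and `key_allowed?` only models the `starts-with` check on `$key` locally.

```ruby
require "json"
require "base64"
require "time"

# Hypothetical helper, not the gem's API: the form key and the policy
# condition are both derived from the single key_starts_with value.
def build_upload_fields(bucket:, key_starts_with: "uploads/", now: Time.now.utc)
  # A blank prefix would make the starts-with condition match every key.
  raise ArgumentError, "key_starts_with must not be blank" if key_starts_with.to_s.strip.empty?

  policy = {
    "expiration" => (now + 600).iso8601,
    "conditions" => [
      { "bucket" => bucket },
      ["starts-with", "$key", key_starts_with],
      ["content-length-range", 0, 10 * 1024 * 1024]
    ]
  }
  {
    key: "#{key_starts_with}${filename}", # S3 substitutes ${filename} on upload
    policy: Base64.strict_encode64(JSON.generate(policy))
  }
end

# Local model of the starts-with condition on $key.
def key_allowed?(encoded_policy, submitted_key)
  conditions = JSON.parse(Base64.strict_decode64(encoded_policy))["conditions"]
  rule = conditions.find { |c| c.is_a?(Array) && c[0] == "starts-with" && c[1] == "$key" }
  !rule.nil? && submitted_key.start_with?(rule[2])
end

if __FILE__ == $PROGRAM_NAME
  fields = build_upload_fields(bucket: "example-bucket") # constructed bucket name
  ["uploads/photo.png", "assets/application.js"].each do |key|
    puts "#{key}: #{key_allowed?(fields[:policy], key) ? 'accepted' : 'rejected'}"
  end
end
```

Changing only `key_starts_with` moves both the generated key and the enforced prefix, so the two cannot drift apart.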
