FreeCAD-Homepage icon indicating copy to clipboard operation
FreeCAD-Homepage copied to clipboard
verified publisher icon FreeCAD

Update proxy-xml.php

Open alanEG opened this issue 8 months ago • 4 comments

Security improvement

alanEG avatar Jul 14 '25 09:07 alanEG

@alanEG Thanks for your initial contribution. I had to do something like this because of cors. Actually, this code doesn't do anything. But I don't believe there should be any security for this.

Reqrefusion avatar Aug 02 '25 18:08 Reqrefusion

Hi, I added the whitelist to prevent SSRF and file system access via file://, which is possible with the original code. Even if it's only used for CORS, adding basic security helps prevent the server from being exposed to potential attacks.

alanEG avatar Aug 02 '25 19:08 alanEG

is this good to go?

maxwxyz avatar Oct 26 '25 15:10 maxwxyz

Hey @maxwxyz,

Yeah, I made a few changes, and I would say it’s looking good to go.

alanEG avatar Oct 26 '25 21:10 alanEG