Nice project out there !
I've tried it and it seems you can overscale pictures, and get some insufficient memory usage.
Would it be possible to implement :
A config params (as environment variable) to prevent overscale (width or height, over original width or height)
A config params to define maximum allowed width or height in query params, returning an error if user goes above the value.
Also, it seems that every different size request is stored in e_image_derivative_backend table, so a anon user can fillup the disk with commands like :
for I in `seq 100 500`; do
curl -v https://picsur.domain.com/i/SOME_PICTURE_ID.jpg\?height\=$I
done
Hello,
Nice project out there ! I've tried it and it seems you can overscale pictures, and get some insufficient memory usage.
Would it be possible to implement :
Also, it seems that every different size request is stored in e_image_derivative_backend table, so a anon user can fillup the disk with commands like :
Any idea of a protection agains this ?
Thanks !