[FEATURE REQUEST] support for allowlisting uploads for improved security

[rjd22]

Is your feature request related to a problem? Please describe. At this moment you can deny what files are uploaded by the uploads.forbid configuration option. Most of the time applications have a really limited scope of files they want to process. Adding an uploads.allow_only option would improve server security by a lot because the user only needs to know what he wants to support.

Describe the solution you'd like Have a config option like the following, to only support uploading a limited set:

  # File uploading settings.
  uploads:
    # Allow only files with the following extensions to upload. This will overrule the `forbid` config option when not empty
    #
    # Default: []
    allow_only: [".jpg", ".png", ".doc", ".docx"]

[rustatian]

Hey @rjd22 . Thanks for the FR. Agree with you. Will plan this feature for the next after 2.6 release.

[rustatian]

@rjd22 Will be in the v2.6.0