Closed james1293 closed 5 years ago
I didn't see an Issue filed to go with this. So there is currently no way to allow any file attachment type? I have to say I would NEVER do that on my site - people could attach viruses of all kinds, then those attachments appear on the web page, to be downloaded by any allowed visitor. That feels like an invitation to trouble. No, I think we should continue to make it explicit. This feels like too wide of an open door.
Understood. Side question on GitHub best practices - should I have created an issue in addition to this PR? I didn't want to introduce unnecessary clutter, but I'm happy to follow standard procedures :-)
Not sure about etiquette, but the most common workflow is to start something as an issue, discuss it with participants, then do a pull request. But for things that are small or have an obvious solution, it's also common to post an issue and a PR at the same time.
What does everyone think about this? I am not a security expert, so feel free to shoot down the idea.