strapi-community / strapi-plugin-local-image-sharp

Dynamically resize, format and optimize images based on url modifiers.
https://strapi-community.github.io/strapi-plugin-local-image-sharp/

Presets and Strict Mode to prevent potential image-resize attacks #23

Open Kostyaval opened 1 year ago

Kostyaval commented 1 year ago

I have been using this plugin, and while it provides great functionality, I have noticed two key features that are missing which would greatly improve it.

  1. Presets: Allowing users to apply preset rules as modifiers. This would streamline the process of applying specific sets of modifiers to images, making the plugin more efficient and user-friendly.

  2. Strict Mode: This would disable the use of arbitrary modifiers. In this mode, only presets and the allowed modifiers specified in the config could be used to modify images. This would prevent potential image-resize attacks on our server, ensuring the security of our system.

I am willing to contribute to the development of these features if necessary. I believe they would be a valuable addition to the plugin.

Thank you for your consideration.
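One way to realise the presets and strict-mode configuration proposed above, as an added example that is not the plugin's or the issue author's code. The comma-separated `key_value` modifier syntax (e.g. `w_300,h_200`), the config shape and the limits are assumptions:

```javascript
// Added example: a validator for the "presets" and "strict mode" ideas in this
// issue. Assumes URL modifiers arrive as a comma-separated list of key_value
// pairs such as "w_300,h_200,f_webp"; the config shape below is hypothetical.
const config = {
  strict: true,
  // Presets: a single name in the URL expands to a fixed set of modifiers.
  presets: {
    thumbnail: { w: 150, h: 150, fit: 'cover' },
    hero: { w: 1280, f: 'webp', q: 80 },
  },
  // In strict mode only these modifiers may appear, within the given bounds,
  // so a client cannot request arbitrarily large or expensive transforms.
  allowedModifiers: {
    w: { max: 1920 },
    h: { max: 1920 },
    f: { values: ['webp', 'avif', 'jpeg'] },
    q: { max: 90 },
  },
};

// Parse "w_300,f_webp" into { w: 300, f: 'webp' }; numeric values become numbers.
function parseModifiers(segment) {
  const out = {};
  for (const part of segment.split(',')) {
    const idx = part.indexOf('_');
    if (idx <= 0) throw new Error(`malformed modifier "${part}"`);
    const key = part.slice(0, idx);
    const raw = part.slice(idx + 1);
    out[key] = /^\d+$/.test(raw) ? Number(raw) : raw;
  }
  return out;
}

// Returns the modifier object to hand to sharp, or throws when the request is
// not permitted under the config (unknown modifier, over limit, bad value).
function resolveModifiers(segment, cfg) {
  if (cfg.presets[segment]) return { ...cfg.presets[segment] };
  const mods = parseModifiers(segment);
  if (!cfg.strict) return mods; // non-strict: any parsable modifier passes
  for (const [key, value] of Object.entries(mods)) {
    const rule = cfg.allowedModifiers[key];
    if (!rule) throw new Error(`modifier "${key}" not allowed in strict mode`);
    if (rule.max !== undefined && (typeof value !== 'number' || value > rule.max))
      throw new Error(`modifier "${key}=${value}" exceeds limit ${rule.max}`);
    if (rule.values && !rule.values.includes(value))
      throw new Error(`modifier "${key}=${value}" not in allowed values`);
  }
  return mods;
}
```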

rafimaryudwika commented 7 months ago

IMO, it's possible to mitigate image-resize attacks by reading the modifiers from the body of the request as well, but that would require implementing the HTTP POST method instead of GET in the current version. It would be better to add a Very Strict Mode which only allows modifiers from the HTTP request, which would increase security.

I want to implement them sometime too.