Support remote URLs in Node.js and CLI
As per the specifications, external URLs for assets are not forbidden in glTFs for textures and .bins.
Somehow, the cli utility is trying to fetch the url from the current path:
error: ENOENT: no such file or directory, open '/Users/daniel/Desktop/https:/cdn.exmaple.io/dvpt-dg/shared_assets/files/000/001/465/9e3f8087b67dcaf4d1bed33bd23699b760637e6bf2e3a2c7883dc2e6933c9e04-optimised_jpg.jpg'
Am I missing something here?
I understand that validate would say:
Non-relative URI found: 'https://....jpg'.glTF Validator(NON_RELATIVE_URI)
But this shouldn’t block the other cli commands.
Any thoughts?
Issue Analytics
- Created 2 years ago
- Comments:7 (6 by maintainers)
Top GitHub Comments
Fixed by @HexaField in https://github.com/donmccurdy/glTF-Transform/pull/462, with a few more changes to the API coming in #466. This will be published with v2.0.
Aside — a word on security. Be careful about accepting user-generated content (UGC) from untrusted sources. Users can do evil things. Suppose you have a server endpoint that accepts user-generated GLBs, compresses them, and sends them back to the user. The user could put an “image” into the GLB with a “URL” pointing at some secret file from your server’s disk, and NodeIO’s writeBinary method would read that secret file and embed it into the resulting GLB. While the addition of a setAllowHTTP(...) method is convenient, this library doesn’t know your use cases and application context, and where UGC is involved you’ll probably want to be manually handling HTTP requests, checking URLs and paths on disk, and perhaps re-compressing images. Those risks aren’t new with support for HTTP requests, but it does add a couple more attack vectors when enabled.
It might also be nice to expose an io.setAllowFilesystem(bool) method so that users can disable disk access if they don’t need it.
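
The security aside above recommends checking URLs and paths on disk where UGC is involved. One way to do that check before any reader sees a resource URI, as an added example that is not from the thread or from glTF-Transform; the function name, the allowlisted host and the sample URIs are assumptions:

```javascript
// Added example, not glTF-Transform code. Classifies a resource URI taken from
// an untrusted glTF before any read or fetch happens. The function name and
// ALLOWED_HOSTS are assumptions for illustration.
const ALLOWED_HOSTS = new Set(['assets.example.com']); // constructed allowlist
const SCHEME = /^[a-z][a-z0-9+.-]*:/i; // RFC 3986 scheme prefix

function checkResourceUri(uri, allowedHosts = ALLOWED_HOSTS) {
  if (typeof uri !== 'string' || uri.length === 0) {
    return { ok: false, reason: 'empty' };
  }
  // Embedded payloads need no disk or network access.
  if (/^data:/i.test(uri)) return { ok: true, kind: 'data' };

  // Anything with a scheme is absolute ("file:", "http:", also "C:\...").
  // Only https to an allowlisted host passes.
  if (SCHEME.test(uri)) {
    let url;
    try { url = new URL(uri); } catch { return { ok: false, reason: 'malformed' }; }
    if (url.protocol !== 'https:') return { ok: false, reason: 'scheme' };
    if (!allowedHosts.has(url.hostname)) return { ok: false, reason: 'host' };
    return { ok: true, kind: 'remote', url: url.href };
  }

  // Relative reference: decode once, then inspect what the path really says.
  let decoded;
  try { decoded = decodeURIComponent(uri); } catch { return { ok: false, reason: 'malformed' }; }
  if (decoded.includes('\0') || SCHEME.test(decoded)) {
    return { ok: false, reason: 'malformed' };
  }
  if (/^[\\/]/.test(decoded)) return { ok: false, reason: 'absolute-path' };
  // Reject every ".." segment, with either separator, instead of normalising.
  if (decoded.split(/[\\/]/).includes('..')) {
    return { ok: false, reason: 'traversal' };
  }
  return { ok: true, kind: 'local', relativePath: decoded };
}

// Constructed sample URIs, as they might appear in an uploaded glTF.
const SAMPLES = [
  'textures/wood.png',
  '../../config/secret.env',
  '%2e%2e/%2e%2e/secret.env',
  '/srv/app/secret.env',
  'file:///srv/app/secret.env',
  'https://other.example.net/wood.png',
  'https://assets.example.com/wood.png',
];
for (const uri of SAMPLES) console.log(uri, JSON.stringify(checkResourceUri(uri)));
```

A caller would join `relativePath` to its own per-upload directory and use the returned `url` for the fetch. The allowlist covers only the first hop, so redirects need to be disabled or re-checked by the fetcher.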