
allowed_sources being ignored


Having issues with allowed_domains ignoring our configuration and returning images from any unauthorised url.

Expected behaviour

https://our.thumborserver.org/t/1925x800/smart/static.externaldomain.com/img/arc_25699_g.jpg (not real url) should not be returning an image

Actual behaviour

Any domain seems accepted by thumbor even if not included in allowed_sources.

ALLOWED_SOURCES = ['.+.domain1.com', '.+.domain2.net', '.+.domain3.es']

Operating system

thumbor vo 6.5 on LXC debian container behind a nginx reverse proxy

Your thumbor.conf

Only including non-default public values:

MAX_WIDTH = 2400
MAX_HEIGHT = 3000
MAX_PIXELS = 35000000.0

#ALLOWED_SOURCES = #    [
#    ]
ALLOWED_SOURCES = ['.+.domain1.com', '.+.domain2.net', '.+.domain3.es']
QUALITY = 75

AUTO_WEBP = True

RESULT_STORAGE = 'thumbor.result_storages.file_storage'

LOADER = 'thumbor.loaders.file_loader_http_fallback'

FILE_LOADER_ROOT_PATH = '/home/webs-static/thumbor'


STORAGE_EXPIRATION_SECONDS = 300

FILE_STORAGE_ROOT_PATH = '/cache/thumbor'


DETECTORS = ["thumbor.detectors.feature_detector"]

OPTIMIZERS = [
  'thumbor.optimizers.jpegtran'
]

## Path for the jpegtran binary
## Defaults to: '/usr/bin/jpegtran'
JPEGTRAN_PATH = '/usr/bin/jpegtran'

FILTERS =     [
        'thumbor.filters.autojpg',
        'thumbor.filters.brightness',
        'thumbor.filters.colorize',
        'thumbor.filters.contrast',
        'thumbor.filters.rgb',
        'thumbor.filters.round_corner',
        'thumbor.filters.quality',
        'thumbor.filters.noise',
        'thumbor.filters.watermark',
        'thumbor.filters.equalize',
        'thumbor.filters.fill',
        'thumbor.filters.sharpen',
        'thumbor.filters.strip_exif',
        'thumbor.filters.strip_icc',
        'thumbor.filters.frame',
        'thumbor.filters.grayscale',
        'thumbor.filters.rotate',
        'thumbor.filters.format',
        'thumbor.filters.max_bytes',
        'thumbor.filters.convolution',
        'thumbor.filters.blur',
        'thumbor.filters.extract_focal',
        'thumbor.filters.focal',
        'thumbor.filters.no_upscale',
        'thumbor.filters.saturation',
        'thumbor.filters.max_age',
        'thumbor.filters.curve',
        'thumbor.filters.background_color',
        'thumbor.filters.upscale',
        'thumbor.filters.proportion',
        'thumbor.filters.stretch',
    ]

RESULT_STORAGE_EXPIRATION_SECONDS = 7200
RESULT_STORAGE_FILE_STORAGE_ROOT_PATH = '/cache/thumbor/results'

RESULT_STORAGE_STORES_UNSAFE = True

SENTRY_DSN_URL = 'http://xxxxxxxxxxxxxxxxxx@mon.domain.es:9000/6'

COMMUNITY_EXTENSIONS = [
    'tc_purger'
]

Issue Analytics

  • State: closed
  • Created 2 years ago
  • Comments: 5 (4 by maintainers)

Top GitHub Comments

1 reaction
heynemann commented, Jan 25, 2022

This seems to be a bug. Sorry for that. You can either wait for a fix, or you can create your own loader. Thanks for reporting!

0 reactions
heynemann commented, Jan 26, 2022

Actually released under 7.0.5 😃
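
An added example, not part of the original issue or of thumbor's code: an offline audit of the reported ALLOWED_SOURCES patterns, useful once the loader enforces the list again. It assumes each entry is a regular expression that must match the source's whole hostname; `source_host`, `is_allowed`, `audit` and the sample hosts are hypothetical names and constructed values. It is independent of the loader bug acknowledged above.

```python
import re
from urllib.parse import urlparse

# Patterns copied from the ALLOWED_SOURCES line in the report above.
REPORTED = [".+.domain1.com", ".+.domain2.net", ".+.domain3.es"]
# Hardened form (constructed): dots escaped so each matches only a literal ".".
ESCAPED = [r".+\.domain1\.com", r".+\.domain2\.net", r".+\.domain3\.es"]


def source_host(image_path):
    """Lowercased hostname of a source given as 'host/path' or as a full URL."""
    if "://" not in image_path:
        image_path = "http://" + image_path
    return (urlparse(image_path).hostname or "").lower()


def is_allowed(image_path, patterns):
    """Assumed semantics: allowed if any pattern matches the whole hostname."""
    host = source_host(image_path)
    return bool(host) and any(re.fullmatch(p, host) for p in patterns)


def audit(patterns, expectations):
    """Return the sources whose allow/deny result differs from the expectation."""
    return [src for src, expected in expectations.items()
            if is_allowed(src, patterns) != expected]


# Constructed sample sources mapped to whether the operator wants them served.
EXPECTATIONS = {
    "static.domain1.com/img/a.jpg": True,
    "https://media.domain2.net/b.png": True,
    "static.externaldomain.com/img/arc_25699_g.jpg": False,  # host from the report
    "static.domain1.com.example.org/a.jpg": False,  # allowed name used as a prefix
    "img-domain1.com/a.jpg": False,  # unescaped "." also matches "-"
}

if __name__ == "__main__":
    for name, patterns in (("reported", REPORTED), ("escaped", ESCAPED)):
        print(name, "mismatches:", audit(patterns, EXPECTATIONS))
```

With the unescaped patterns the audit flags `img-domain1.com`, because `.` matches any character; the escaped list produces no mismatches.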
