diff options
Diffstat (limited to 'config/imagemagick/policy.xml')
-rw-r--r-- | config/imagemagick/policy.xml | 27 |
1 files changed, 0 insertions, 27 deletions
diff --git a/config/imagemagick/policy.xml b/config/imagemagick/policy.xml deleted file mode 100644 index 2730a9f84e3..00000000000 --- a/config/imagemagick/policy.xml +++ /dev/null @@ -1,27 +0,0 @@ -<policymap> - <!-- Set some basic system resource limits --> - <policy domain="resource" name="time" value="60" /> - - <policy domain="module" rights="none" pattern="URL" /> - - <policy domain="filter" rights="none" pattern="*" /> - - <!-- - Ideally, we would restrict ImageMagick to only accessing its own - disk-backed pixel cache as well as Mastodon-created Tempfiles. - - However, those paths depend on the operating system and environment - variables, so they can only be known at runtime. - - Furthermore, those paths are not necessarily shared across Mastodon - processes, so even creating a policy.xml at runtime is impractical. - - For the time being, only disable indirect reads. - --> - <policy domain="path" rights="none" pattern="@*" /> - - <!-- Disallow any coder by default, and only enable ones required by Mastodon --> - <policy domain="coder" rights="none" pattern="*" /> - <policy domain="coder" rights="read | write" pattern="{JPEG,PNG,GIF,WEBP,HEIC,AVIF}" /> - <policy domain="coder" rights="write" pattern="{HISTOGRAM,RGB,INFO,ICO}" /> -</policymap> |