How to properly restrict file types?

How can I restrict/blacklist certain file types?

I want to restrict users avatars to only allow jpeg, jpg, and png (NO .webp !)

And I want to not allow and block .webp and videos from being uploaded to:




But allow everything else… how can I implement this effectively?

This is not configurable, it is hard coded in Gitea. See If this is 100% needed, you will have to modify it and re-compile for short term and make GitHub feature request to see if developers will pick it up and add it in.

	// for safety, only accept known types explicitly
	if imgType != "png" && imgType != "jpeg" && imgType != "gif" && imgType != "webp" {
		return nil, errors.New("unsupported avatar image type")

I am curious why you want this though, I can’t think of reason why blocking .webp for avatars but not for anything else.