How can I restrict/blacklist certain file types?
I want to restrict users avatars to only allow jpeg, jpg, and png (NO .webp !)
And I want to not allow and block .webp and videos from being uploaded to:
[repository.upload]
[repository.release]
[attachment]
But allow everything else… how can I implement this effectively?
This is not configurable, it is hard coded in Gitea. See https://github.com/go-gitea/gitea/blob/main/modules/avatar/avatar.go#L50. If this is 100% needed, you will have to modify it and re-compile for short term and make GitHub feature request to see if developers will pick it up and add it in.
// for safety, only accept known types explicitly
if imgType != "png" && imgType != "jpeg" && imgType != "gif" && imgType != "webp" {
return nil, errors.New("unsupported avatar image type")
}
I am curious why you want this though, I can’t think of reason why blocking .webp for avatars but not for anything else.