Skip to content

GitLab

Commit 77b1edcd authored by Timothy J. Baek's avatar Timothy J. Baek
Browse files

fix: allowed hosts

parent edeff20e
Hide whitespace changes
Inline Side-by-side
Showing with 7 additions and 0 deletions
backend/apps/ollama/main.py
View file @ 77b1edcd
...@@ -970,6 +970,13 @@ def parse_huggingface_url(hf_url): ...@@ -970,6 +970,13 @@ def parse_huggingface_url(hf_url):
async def download_file_stream( async def download_file_stream(
ollama_url, file_url, file_path, file_name, chunk_size=1024 * 1024 ollama_url, file_url, file_path, file_name, chunk_size=1024 * 1024
): ):
allowed_hosts = ["https://huggingface.co/", "https://github.com/"]
if not any(file_url.startswith(host) for host in allowed_hosts):
raise ValueError(
"Invalid file_url. Only URLs from allowed hosts are permitted."
)
done = False done = False
if os.path.exists(file_path): if os.path.exists(file_path):
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment