Disallow Lists
Disallow lists let you restrict which image formats and transforms PreviewProxy will accept. This reduces attack surface by preventing processing of formats or operations that your application does not need.
tip
Use disallow lists to limit attack surface. For example, if you only serve WebP output, block all other output formats so that no other format can be requested.
INPUT_DISALLOW_LIST
Blocks requests where the source image is of a specific format.
INPUT_DISALLOW_LIST=pdf,psd,video
Accepted tokens:
| Token | Blocks |
|---|---|
jpeg | JPEG source images |
png | PNG source images |
gif | GIF source images |
webp | WebP source images |
avif | AVIF source images |
jxl | JPEG XL source images |
bmp | BMP source images |
tiff | TIFF source images |
pdf | PDF source documents |
psd | Photoshop PSD files |
video | Video file inputs |
OUTPUT_DISALLOW_LIST
Blocks requests that ask for a specific output format via the format parameter.
OUTPUT_DISALLOW_LIST=bmp,tiff,ico
Accepted tokens:
| Token | Blocks |
|---|---|
jpeg | JPEG output |
png | PNG output |
gif | GIF output |
webp | WebP output |
avif | AVIF output |
jxl | JPEG XL output |
bmp | BMP output |
tiff | TIFF output |
ico | ICO output |
TRANSFORM_DISALLOW_LIST
Blocks requests that use specific transform operations.
TRANSFORM_DISALLOW_LIST=watermark,gif_anim
Accepted tokens:
| Token | Blocks |
|---|---|
resize | Width/height resize |
rotate | Image rotation |
flip | Horizontal/vertical flip |
grayscale | Grayscale conversion |
brightness | Brightness adjustment |
contrast | Contrast adjustment |
blur | Blur filter |
watermark | Watermark overlay |
gif_anim | Animated GIF processing |
Behavior
- Multiple tokens are comma-separated with no spaces
- Unknown tokens are silently ignored (a warning is logged)
- Requests that use a disallowed format or transform receive an error response