FEATURE: Secure uploads in PMs only (#23398)

This adds a new secure_uploads_pm_only site setting. When secure_uploads is true with this setting, only uploads created in PMs will be marked secure; no uploads in secure categories will be marked as secure, and the login_required site setting has no bearing on upload security either. This is meant to be a stopgap solution to prevent secure uploads in a single place (private messages) for sensitive admin data exports. Ideally we would want a more comprehensive way of saying that certain upload types get secured which is a hybrid/mixed mode secure uploads, but for now this will do the trick.
2025-05-23 11:41:03 +08:00 · 2023-09-06 09:39:09 +10:00
parent de9b567c19
commit c532f6eb3d
14 changed files with 283 additions and 43 deletions
--- a/spec/lib/upload_security_spec.rb
+++ b/spec/lib/upload_security_spec.rb
@ -28,6 +28,14 @@ RSpec.describe UploadSecurity do
          expect(security.should_be_secure?).to eq(true)
        end

+        context "if secure_uploads_pm_only" do
+          before { SiteSetting.secure_uploads_pm_only = true }
+
+          it "returns false" do
+            expect(security.should_be_secure?).to eq(false)
+          end
+        end
+
        context "when uploading in public context" do
          describe "for a public type badge_image" do
            let(:type) { "badge_image" }