fix(core): Prevent XSS via static cache dir (#10339)

2024-08-09 16:40:50 +02:00
parent 1cf48cc301
commit 4f392b5e3e
4 changed files with 25 additions and 5 deletions
--- a/packages/cli/src/config/schema.ts
+++ b/packages/cli/src/config/schema.ts
@@ -341,7 +341,7 @@ export const schema = {
 			env: 'N8N_RESTRICT_FILE_ACCESS_TO',
 		},
 		blockFileAccessToN8nFiles: {
-			doc: 'If set to true it will block access to all files in the ".n8n" directory and user defined config files.',
+			doc: 'If set to true it will block access to all files in the ".n8n" directory, the static cache dir at ~/.cache/n8n/public, and user defined config files.',
 			format: Boolean,
 			default: true,
 			env: 'N8N_BLOCK_FILE_ACCESS_TO_N8N_FILES',