Classic298 cfd2888545 fix:image url validation and signout post (#24420) ...

* refac(routers): reject external URLs in profile/model image handlers

* refac(ui): centralize image URL validation in safeImageUrl helper

* refac(auths): make signout POST-only

* refac: gate external profile image redirect behind ENABLE_PROFILE_IMAGE_URL_FORWARDING

Restore the 302 redirect for external http(s) profile image URLs in
the user and model profile-image endpoints, but gate it behind a new
ENABLE_PROFILE_IMAGE_URL_FORWARDING env flag (default: True).

Existing deployments that rely on external profile image forwarding
continue to work unchanged.  Operators who want to suppress the
redirect (to prevent client-side IP/UA/Referer leaks) can set the
flag to False.

2026-05-09 07:33:31 +09:00

..

data

…

internal

refac

2026-05-09 02:38:08 +09:00

migrations

refac

2026-05-09 06:23:51 +09:00

models

refac

2026-05-09 06:33:26 +09:00

retrieval

refac

2026-05-09 06:41:42 +09:00

routers

fix:image url validation and signout post (#24420)

2026-05-09 07:33:31 +09:00

socket

refac

2026-05-09 03:15:53 +09:00

static

chore: format

2026-04-19 22:45:54 +09:00

storage

refac

2026-04-12 19:08:30 -05:00

test

refac

2026-03-17 17:58:01 -05:00

tools

refac

2026-05-09 06:13:58 +09:00

utils

refac

2026-05-09 06:56:22 +09:00

__init__.py

refac

2026-05-09 02:38:08 +09:00

alembic.ini

…

config.py

refac

2026-05-09 06:41:42 +09:00

constants.py

chore: format

2026-04-14 17:27:31 -05:00

env.py

fix:image url validation and signout post (#24420)

2026-05-09 07:33:31 +09:00

functions.py

refac

2026-05-09 04:17:58 +09:00

main.py

fix(mcp): remove asyncio.wait_for/shield from MCP cleanup in chat handler (#24105)

2026-05-09 07:15:24 +09:00

tasks.py

refac

2026-03-17 17:58:01 -05:00