frodovdr/node-red
1
0
Fork 0
mirror of https://github.com/node-red/node-red.git synced 2025-03-01 10:36:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

Implement allow/denyList when loading/installing modules

Browse Source
This commit is contained in:
Nick O'Leary
2020-12-27 12:49:17 +00:00
parent fc459be531
commit aacb92a7ae
6 changed files with 191 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
packages/node_modules/@node-red/runtime/lib/api/nodes.js vendored
View File

@@ -164,7 +164,7 @@ var api = module.exports = {
throw err;
}
if (opts.tarball) {
if (runtime.settings.editorTheme && runtime.settings.editorTheme.palette && runtime.settings.editorTheme.palette.upload === false) {
if (runtime.settings.externalModules && runtime.settings.externalModules.palette && runtime.settings.externalModules.palette.upload === false) {
runtime.log.audit({event: "nodes.install",tarball:opts.tarball.file,error:"invalid_request"}, opts.req);
var err = new Error("Invalid request");
err.code = "invalid_request";